Bugzilla – Bug 404
sudo will segfault if /etc/sudoers is missing.
Last modified: 2010-04-11 06:16:30 MDT
Ubuntu Karmic, with the most recent patches: root@little-rascal:/etc# mv sudoers sudoers-old root@little-rascal:/etc# sudo true sudo: can't stat /etc/sudoers: No such file or directory Segmentation fault I rather doubt /bin/true is segfaulting. Finding a segfault is one of the first steps to creating an exploit, so I understand, but I'm no expert, so I'm just filing this as "high". I'll file a bug report with the Ubuntu people, as well, in case they have any patches against the source.
This was fixed some time ago: changeset: 4303:ece3ca256904 user: Todd C. Miller <Todd.Miller@courtesan.com> date: Fri Jan 09 00:13:37 2009 +0000 summary: Do not try to set the close on exec flag if we didn't actually open sudoers. That change is present in sudo 1.7.1 and higher.
(In reply to comment #1) > This was fixed some time ago: > > changeset: 4303:ece3ca256904 > user: Todd C. Miller <Todd.Miller@courtesan.com> > date: Fri Jan 09 00:13:37 2009 +0000 > summary: Do not try to set the close on exec flag if we didn't > actually open sudoers. > > That change is present in sudo 1.7.1 and higher. Thanks. The Ubuntu folk are using 1.7.2 in Lucid, and don't consider this to be a bug worth backporting to fix.