Bug 452 – sudo crash when seeing dir in #includedir

Bug 452 - sudo crash when seeing dir in #includedir


Summary:	sudo crash when seeing dir in #includedir

Status:	RESOLVED FIXED

Product:	Sudo
Classification:	Unclassified
Component:	Sudoers
Version:	1.7.4
Hardware:	PC Linux

Importance:	low high
Assigned To:	Todd C. Miller

URL:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2010-11-15 06:23 MST by Elan Ruusamäe
Modified:	2011-04-11 08:07 MDT (History)
CC List:	0 users

See Also:

Attachments
Patch to fix crash when a non-regular file is in the includedir (562 bytes, patch) 2011-03-27 09:18 MDT, Todd C. Miller	Details \| Diff
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Elan Ruusamäe 2010-11-15 06:23:28 MST

# grep includedir /etc/sudoers
#includedir /etc/sudoers.d

# mkdir /etc/sudoers.d/CVS

# EDITOR=vim visudo 
visudo: : No such file or directory
visudo: editor (/usr/bin/vim) failed, /etc/sudoers unchanged
Segmentation fault

Comment 1 Elan Ruusamäe 2010-11-15 06:27:44 MST

strace of "sudo id", which reports on console:

# sudo id
sudo: can't stat : No such file or directory
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)


...
open("/etc/sudoers.d", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 5
fstat64(5, {st_mode=S_IFDIR|0550, st_size=16, ...}) = 0
fcntl64(5, F_SETFD, FD_CLOEXEC)         = 0
getdents64(5, /* 3 entries */, 4096)    = 72
stat64("/etc/sudoers.d/CVS", {st_mode=S_IFDIR|0775, st_size=48, ...}) = 0
getdents64(5, /* 0 entries */, 4096)    = 0
close(5)                                = 0
lstat64("", 0xbffe97ec)                 = -1 ENOENT (No such file or directory)
setresgid32(-1, 0, -1)                  = 0
setresuid32(0, 1, 0)                    = 0
lstat64("", 0xbffe97ec)                 = -1 ENOENT (No such file or directory)
setresuid32(0, 0, 0)                    = 0
setresgid32(-1, 0, -1)                  = 0
...

Comment 2 Todd C. Miller 2010-11-30 12:21:30 MST

I'm unable to reproduce this and the includedir code explicitly skips non-regular files.

Can you tell me a little bit more about your environment, such as which version of Linux, whether you are using the vendor's sudo package (and if so, the package version) or whether your sudo is build from source?

Comment 3 Elan Ruusamäe 2011-03-26 13:42:34 MDT

it is pld linux, and i am building rpm package

seems it is something environment specific. as if i build the same codebase on the different favour of distribution (2.0 vs 3.0), then on the newer 3.0 (th) i do not notice such behaviour and on older 2.0 (ac) it segfaults

on system where it segfaults:
glibc-6:2.3.6-18.i686
gcc-5:3.3.6-9.i686

# mkdir -p /etc/sudoers.d/CVS
# sudo -l
sudo: can't stat : No such file or directory
Segmentation fault
# sudo -V|head -n1
Sudo version 1.7.5



on system where it does not segfault:
gcc-4.5.1-5.x86_64
glibc-2.13-3.x86_64

# mkdir -p /etc/sudoers.d/CVS
# sudo -l
User root may run the following commands on this host:
    (ALL) ALL
    (ALL) NOPASSWD: ALL
# sudo -V |head -n1
Sudo version 1.7.5

so i'm not really sure what can be cause of the segfault, i suspect glibc glob.

Comment 4 Elan Ruusamäe 2011-03-26 13:55:37 MDT

seems there's also double free or memory corruption?

$ sudo -l
sudo: can't stat : No such file or directory
*** glibc detected *** free(): invalid pointer: 0x080816f0 ***
Aborted

Comment 5 Todd C. Miller 2011-03-27 09:18:26 MDT

Created attachment 310 [details]
Patch to fix crash when a non-regular file is in the includedir

I was able to install pld Linux 2.0 in a VM and reproduce the problem.  The attached patch fixes it and will be included in sudo 1.7.6.

Comment 6 Elan Ruusamäe 2011-03-28 08:24:39 MDT

your patch is invalid, but simple s/PATH/path/ fixes it (wrong case in first chunk) :)

Comment 7 Todd C. Miller 2011-04-11 08:07:16 MDT

Fixed in sudo 1.7.6 and 1.8.1