Bug 556 - sudo 1.8.4p4 core dumps across our fleet of servers
Status: RESOLVED FIXED
Product: Sudo
Classification: Unclassified
Component: Sudo
Version: 1.8.4
Hardware: Sun Solaris 2.x
Importance: low high
Assigned To: Todd C. Miller
Depends on:
Blocks:
Reported: 2012-05-10 22:26 MDT by mathews.dennis
Modified: 2012-05-17 11:08 MDT
Attachments
pstack of core dump and output of sudo -V (3.37 KB, application/octet-stream)
2012-05-10 22:26 MDT, mathews.dennis
Patch to prevent crash in handler_nofwd() (458 bytes, patch)
2012-05-11 07:59 MDT, Todd C. Miller
pstack of core dump (838 bytes, text/plain)
2012-05-13 04:59 MDT, mathews.dennis

Description mathews.dennis 2012-05-10 22:26:49 MDT
Created attachment 344
pstack of core dump and output of sudo -V

I'm not sure why, but I've found core dumps on all our servers (Solaris 10 SPARC - 147440-12) with 1.8.4p4. Here is a 'pstack' output and 'sudo -V' output:
Comment 1 Todd C. Miller 2012-05-11 07:35:42 MDT
What version of Solaris is this?
Comment 2 Todd C. Miller 2012-05-11 07:59:36 MDT
Created attachment 345
Patch to prevent crash in handler_nofwd()

Apparently the siginfo_t structure in a siginfo-style signal handler can be NULL on Solaris at least.  The attached patch takes that into account.
Comment 3 mathews.dennis 2012-05-11 21:33:36 MDT
Ok. I've applied this patch and installed on 2 hosts. Will let you know how it goes. BTW, these are Solaris 10 on kernel patch - 147440-12.
Comment 4 mathews.dennis 2012-05-13 04:58:28 MDT
Even after applying the patch, we're seeing core dumps (attached).
Comment 5 mathews.dennis 2012-05-13 04:59:51 MDT
Created attachment 346
pstack of core dump
Comment 6 Todd C. Miller 2012-05-14 10:20:54 MDT
Are you sure the new stack trace is from the patched sudo? It appears that the siginfo_t * argument is NULL in both of them and the patch will prevent the NULL dereference. That signal handler does very little and the only possible case where it could dump core is when dereferencing the siginfo_t *.
Comment 7 mathews.dennis 2012-05-14 20:24:20 MDT
Yep, the core file was generated a day after I installed the patched sudo.
/software/src/sudo/sudo-1.8.4p4/src>grep si_code exec.c
    if (info == NULL || info->si_code <= 0) {

But I have a theory that one of the pre-existing sessions running a script under the old sudo may have caused this core dump? Because I've only had one core dump since the new package was installed. I should probably wait and see if there are any more. Haven't seen a core dump on the other server I'm testing on either. Thanks!
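The NULL check quoted above, shown in a self-contained C example added here (this is not sudo's exec.c; the handler's only job is to record what it saw, and the names is_user_signal, install_handler and self_test are this example's own):

```c
/* Added example (not sudo's code): SA_SIGINFO handler tolerant of NULL siginfo_t *. */
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <string.h>
#include <unistd.h>
/* Same test as the patched sudo line: NULL takes the user-signal branch.
 * POSIX gives user-originated codes (SI_USER, SI_QUEUE, ...) values <= 0;
 * kernel-generated codes (SEGV_MAPERR, ...) are positive. */
int is_user_signal(const siginfo_t *info)
{
    return info == NULL || info->si_code <= 0;
}
static volatile sig_atomic_t last_signo;     /* what the handler saw */
static volatile sig_atomic_t last_from_user;
static volatile sig_atomic_t last_sender;    /* si_pid, 0 if unavailable */
/* Async-signal-safe: stores plain values only, no I/O, no allocation. */
static void handler(int signo, siginfo_t *info, void *context)
{
    (void)context;
    last_signo = signo;
    last_from_user = is_user_signal(info);
    /* si_code above and si_pid here are both reads through info; either one
     * dumps core if the platform hands the handler info == NULL unchecked. */
    last_sender = (info != NULL && last_from_user) ? (sig_atomic_t)info->si_pid : 0;
}

int install_handler(int signo)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof(sa));
    sa.sa_sigaction = handler;
    sa.sa_flags = SA_SIGINFO | SA_RESTART;
    sigemptyset(&sa.sa_mask);
    return sigaction(signo, &sa, NULL);
}

/* Self-signal with kill(2): the kernel sets si_code = SI_USER and
 * si_pid = getpid(), and delivers the signal before kill() returns.
 * Returns 1 when the handler saw a user-sent signal from this process. */
int self_test(void)
{
    if (install_handler(SIGUSR1) != 0)
        return 0;
    last_signo = last_from_user = last_sender = 0;
    if (kill(getpid(), SIGUSR1) != 0)
        return 0;
    return last_signo == SIGUSR1 && last_from_user && last_sender == getpid();
}
```

With a constructed siginfo_t the classification can be checked without raising any signal; self_test exercises the real kernel-filled path.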
Comment 8 Todd C. Miller 2012-05-17 11:08:57 MDT
Fixed in sudo 1.8.5.