Bug 948 – segmentation fault when unknown username is given

Bug 948 - segmentation fault when unknown username is given


Summary:	segmentation fault when unknown username is given

Status:	RESOLVED FIXED

Product:	Sudo
Classification:	Unclassified
Component:	Sudo
Version:	1.9.4
Hardware:	PC Linux

Importance:	low normal
Assigned To:	Todd C. Miller

URL:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2020-12-04 02:24 MST by Sjon
Modified:	2020-12-17 15:00 MST (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sjon 2020-12-04 02:24:26 MST

this is kind of a weird bug and it might be caused by an external program, I could use some help determining the cause. When I run:

$ sudo -u xxx ls / (where xxx is a non-existing username)

I get a segmentation fault:

 sudo[31444]: segfault at 0 ip 00007f7bcc05b1ce sp 00007ffd40c1a240 error 4 in sudoers.so[7f7bcc048000+5a000]

However, while attempting to debug this I noticed it works fine. When running with strace or gdb, sudo does not segfault, instead it (properly) outputs:

sudo: effective uid is not 0, is /bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?

I don't think my config has anything special, this is on archlinux with:

sudo.conf:
Plugin sudoers_policy sudoers.so
Plugin sudoers_io sudoers.so
Plugin sudoers_audit sudoers.so

and sudoers:
root	ALL=(ALL) ALL
user	ALL=(ALL) NOPASSWD: ALL

If you need any other information I'll be happy to help

Comment 1 Sjon 2020-12-04 02:25:30 MST

I tested with non-existing numeric ids and it outputs a slightly different error:

$ sudo -u \#9999 ls /

sudo: unknown user: #9999

Comment 2 Todd C. Miller 2020-12-04 06:58:15 MST

Thanks for the report, fixed by: https://www.sudo.ws/repos/sudo/rev/8b24c140ec7c

Comment 3 Todd C. Miller 2020-12-17 15:00:42 MST

Fixed in sudo 1.9.4p1