Bugzilla – Bug 978
sudo is giving error
Last modified: 2021-09-11 15:54:56 MDT
uxadmin1@hupa28:/etc # sudo ls Memory fault(coredump)
only version working is for this server is 4280320 Mar 31 09:33 ixSudo_ixSudo_A.20.00-1.8.6p3.001_HP-UX_B.11.31_IA_PA.depot
Can you try sudo 1.9.7? It contains a datasize resource limit fix for HP-UX that may be relevant here.
uxadmin1@hupa28:/var/adm/crash/venkatc/software # sudo -V Sudo version 1.9.7 Sudoers policy plugin version 1.9.7 Sudoers file grammar version 48 Sudoers I/O plugin version 1.9.7 Sudoers audit plugin version 1.9.7 uxadmin1@hupa28:/var/adm/crash/venkatc/software # sudo ls Memory fault(coredump) uxadmin1@hupa28:/var/adm/crash/venkatc/software # which sudo /usr/bin/sudo1 uxadmin1@hupa28:/var/adm/crash/venkatc/software # ls -ltr /usr/bin/sudo1 lrwx------ 1 root sys 19 Jun 3 18:19 /usr/bin/sudo1 -> /usr/local/bin/sudo uxadmin1@hupa28:/var/adm/crash/venkatc/software #
Please add the following to /etc/sudo.conf (you may need to create this file if it doesn't already exist). Debug sudoers.so /var/adm/sudoers_debug all@debug Then run "sudo -ls" on that system. That should create the file /var/adm/sudoers_debug with debugging data to help me understand where the problem is. You can either attach that file to this bug or, if you'd prefer, email it to sudo@sudo.ws and I will analyze it.
I have emailed debug info pls help me analyze, thanks
$./getgids root Memory fault(coredump) $ pstack ./getgids core unable to find (static?) executable /usr/bin/ ./getgids: /usr/bin/ core: getgids -------------------------------- lwpid : 5499156 ------------------------------- 0: c000000000039e40 : _nss_compat_constr() + 0x5b0 (/usr/lib/hpux64/libnss_compat.so.1) 1: c000000000614d30 : nss_search() at ../../../../../core/libs/libc/shared_em_64_perf/../net/net/nss_common.c:513 2: 4000000000004fe0 : sudo_getgrouplist2_v1() at getgrouplist.c:415 3: 4000000000004b20 : main() at getgids.c:73 4: c00000000006fd50 : main_opd_entry() + 0x50 (/usr/lib/hpux64/dld.so) 5: c000000000039e70 : _nss_compat_constr() + 0x5e0 (/usr/lib/hpux64/libnss_compat.so.1) 6: 9fffffffbf6f8c68 : (unknown) () (unknown) $ id -G root 3 $ sudo id -G root 3 0 1 2 4 5 6 7 20
It looks like the crash is happening inside the nsswitch code. Can you share the nsswitch.conf group line? E.g. $ grep group /etc/nsswitch.conf
I can reproduce the problem with the nsswitch.conf line: group: compat but not with: group: files nis Now that I can reproduce the problem I should be able to get to the bottom of it.
grep group /etc/nsswitch.conf group: compat netgroup: nis [NOTFOUND=return] files
I was not able to find the cause of the crash inside the HP-UX nss_compat moddule. There is probably some mismatch between the data structures sudo is using for nss_search and the HP-UX implementation. Unfortunately, HP doesn't ship the header files like Solaris does. For sudo 1.9.7p1 (available now) I have disabled the use of nss_search() on HP-UX. Sudo will fall back to using getgrent() to find a user's groups. This may be slower but it does not cause a crash for "group: compat".