(2) Going back to backtrace we have:
mode_run -> policy_check -> sudoers_policy_main -> create_admin_success_flag
-> user_in_group (global sudo_user)

    /* Check whether the user is in the admin group. */
    if (!user_in_group(sudo_user.pw, "admin") &&
        !user_in_group(sudo_user.pw, "sudo"))
        debug_return_int(true);

and then user_in_group calls:

    if ((grlist = sudo_get_grlist(pw)) != NULL) {

if "admin" == pw->pw_gid: matched = 1, goto done.

    (gdb) print sudo_user->pw->pw_gid
    $5 = 7241

Not the case.

    /*
     * Next check the supplementary group vector.
     * It usually includes the password db group too.
     */
    for (i = 0; i < grlist->ngroups; i++) {
        if (strcasecmp(group, grlist->groups[i]) == 0) {
            matched = true;
            goto done;
        }
    }

    (gdb) frame 1
    #1  0x00007fa01c0a7ab1 in user_in_group (pw=0x56174c050ca8, group=group@entry=0x7fa01c0b14c4 "admin") at /build/sudo-g3ghsu/sudo-1.8.16/plugins/sudoers/pwutil.c:842
    842         if ((grp = sudo_getgrgid(pw->pw_gid)) != NULL) {
    (gdb) print grlist->ngroups
    $6 = 1
    (gdb) print grlist->groups[0]
    $7 = 0x56174c050d7f "sudo"

This should have gone to "done" because it is "sudo". But we are checking for "admin":

    (gdb) print group
    $12 = 0x7fa01c0b14c4 "admin"

In both cases it should have finished and not continued. If it continued, it would go to "PROBLEM" (comment #6)

https://bugs.launchpad.net/bugs/1565567
Title: segv in sudo_getgrgid