Your message dated Wed, 21 Apr 2010 09:34:10 -0600 (MDT)
with message-id <[email protected]>
and subject line fixed
has caused the Debian Bug report #535792,
regarding Segfaults to bad sudoers file
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
535792: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=535792
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: sudo
Version: 1.7.0-1
Severity: normal
If the /etc/sudoers file mode is set to 0640, then executing the sudo
program will cause a Segmentation Fault. The segmentation fault
happens when ``fileno'' is called with a NULL parameter (line 1084 of
file sudo.c). That doesn't seem exploitable, althought certainly a
bug.
Attached is a patch which fixes that issue. I made it so all errors
handled by open_sudoers are fatal. That seems reasonable to me, but
someone with a better understanding of the whole code should probably
check it out.
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.30-1-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages sudo depends on:
ii libc6 2.9-18 GNU C Library: Shared libraries
ii libpam-modules 1.0.1-9 Pluggable Authentication
Modules f
ii libpam0g 1.0.1-9 Pluggable Authentication
Modules l
sudo recommends no packages.
sudo suggests no packages.
-- no debconf information
diff -ur sudo-1.7.0.orig/sudo.c sudo-1.7.0/sudo.c
--- sudo-1.7.0.orig/sudo.c 2009-07-05 00:11:50.000000000 -0400
+++ sudo-1.7.0/sudo.c 2009-07-04 23:56:33.000000000 -0400
@@ -1057,18 +1057,18 @@
set_perms(PERM_SUDOERS);
if (rootstat != 0 && stat_sudoers(sudoers, &statbuf) != 0)
- log_error(USE_ERRNO|NO_EXIT, "can't stat %s", sudoers);
+ log_error(USE_ERRNO, "can't stat %s", sudoers);
else if (!S_ISREG(statbuf.st_mode))
- log_error(NO_EXIT, "%s is not a regular file", sudoers);
+ log_error(0, "%s is not a regular file", sudoers);
else if ((statbuf.st_mode & 07777) != SUDOERS_MODE)
- log_error(NO_EXIT, "%s is mode 0%o, should be 0%o", sudoers,
+ log_error(0, "%s is mode 0%o, should be 0%o", sudoers,
(unsigned int) (statbuf.st_mode & 07777),
(unsigned int) SUDOERS_MODE);
else if (statbuf.st_uid != SUDOERS_UID)
- log_error(NO_EXIT, "%s is owned by uid %lu, should be %lu", sudoers,
+ log_error(0, "%s is owned by uid %lu, should be %lu", sudoers,
(unsigned long) statbuf.st_uid, (unsigned long) SUDOERS_UID);
else if (statbuf.st_gid != SUDOERS_GID)
- log_error(NO_EXIT, "%s is owned by gid %lu, should be %lu", sudoers,
+ log_error(0, "%s is owned by gid %lu, should be %lu", sudoers,
(unsigned long) statbuf.st_gid, (unsigned long) SUDOERS_GID);
else if ((fp = fopen(sudoers, "r")) == NULL)
log_error(USE_ERRNO, "can't open %s", sudoers);
--- End Message ---
--- Begin Message ---
The latest version of sudo in Debian has improved behavior in the case of a
missing or poorly permissioned sudoers file, it will fail gracefully instead
of seg faulting.
Bdale
--- End Message ---
