Package: sudo
Version: 1.7.0-1
Severity: normal
If the /etc/sudoers file mode is set to 0640, then executing the sudo
program will cause a Segmentation Fault. The segmentation fault
happens when ``fileno'' is called with a NULL parameter (line 1084 of
file sudo.c). That doesn't seem exploitable, although certainly a
bug.
Attached is a patch which fixes that issue. I made it so all errors
handled by open_sudoers are fatal. That seems reasonable to me, but
someone with a better understanding of the whole code should probably
check it out.
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.30-1-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages sudo depends on:
ii  libc6           2.9-18   GNU C Library: Shared libraries
ii  libpam-modules  1.0.1-9  Pluggable Authentication Modules f
ii  libpam0g        1.0.1-9  Pluggable Authentication Modules l
sudo recommends no packages.
sudo suggests no packages.
-- no debconf information
diff -ur sudo-1.7.0.orig/sudo.c sudo-1.7.0/sudo.c
--- sudo-1.7.0.orig/sudo.c 2009-07-05 00:11:50.0 -0400
+++ sudo-1.7.0/sudo.c 2009-07-04 23:56:33.0 -0400
@@ -1057,18 +1057,18 @@
set_perms(PERM_SUDOERS);
if (rootstat != 0 stat_sudoers(sudoers, statbuf) != 0)
- log_error(USE_ERRNO|NO_EXIT, can't stat %s, sudoers);
+ log_error(USE_ERRNO, can't stat %s, sudoers);
else if (!S_ISREG(statbuf.st_mode))
- log_error(NO_EXIT, %s is not a regular file, sudoers);
+ log_error(0, %s is not a regular file, sudoers);
else if ((statbuf.st_mode 0) != SUDOERS_MODE)
- log_error(NO_EXIT, %s is mode 0%o, should be 0%o, sudoers,
+ log_error(0, %s is mode 0%o, should be 0%o, sudoers,
(unsigned int) (statbuf.st_mode 0),
(unsigned int) SUDOERS_MODE);
else if (statbuf.st_uid != SUDOERS_UID)
- log_error(NO_EXIT, %s is owned by uid %lu, should be %lu, sudoers,
+ log_error(0, %s is owned by uid %lu, should be %lu, sudoers,
(unsigned long) statbuf.st_uid, (unsigned long) SUDOERS_UID);
else if (statbuf.st_gid != SUDOERS_GID)
- log_error(NO_EXIT, %s is owned by gid %lu, should be %lu, sudoers,
+ log_error(0, %s is owned by gid %lu, should be %lu, sudoers,
(unsigned long) statbuf.st_gid, (unsigned long) SUDOERS_GID);
else if ((fp = fopen(sudoers, r)) == NULL)
log_error(USE_ERRNO, can't open %s, sudoers);
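Review bot: in the stat branch and in the four branches where NO_EXIT becomes a bare 0 (not a regular file, wrong mode, wrong uid, wrong gid), the failure is now handled by log_error not returning, so the crash is fixed only as a side effect of these paths never reaching the caller. The report places the fault at a fileno call on the pointer this code produces; an explicit NULL check at that call site, or at least a comment above this if/else chain stating that every failure here must be fatal, would keep a later non-fatal branch from reintroducing the segfault. The bare 0 passed as the flags argument also reads as a magic number next to USE_ERRNO; a short comment on the first such call that 0 means "log and exit" would make the intent clear to the next reader.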