Bug#535792: Segfaults to bad sudoers file

2009-07-05 Thread Rafael Cunha de Almeida
After studying sudo a little more I came up with a patch that I think
can be applied to sudo without issues. While the first patch was enough
to point out where the problem was, this new patch should fix it in the
best possible way.

I hadn't realised before that there can be more than one source for sudo
and this patch takes care of it: the process fails only if there are no
valid sources.

diff -ur old/sudo-1.7.0/sudo.c new/sudo-1.7.0/sudo.c
--- old/sudo-1.7.0/sudo.c	2009-07-05 09:33:40.0 -0400
+++ new/sudo-1.7.0/sudo.c	2009-07-05 09:24:30.0 -0400
@@ -1072,16 +1072,19 @@
 	(unsigned long) statbuf.st_gid, (unsigned long) SUDOERS_GID);
 else if ((fp = fopen(sudoers, r)) == NULL)
 	log_error(USE_ERRNO, can't open %s, sudoers);
-else if (statbuf.st_size != 0) {
-	/*
-	 * Make sure we can actually read sudoers so we can present the
-	 * user with a reasonable error message.
-	 */
-	if (fgetc(fp) == EOF)
-	log_error(USE_ERRNO, can't read %s, sudoers);
-	rewind(fp);
+else {
+	if (statbuf.st_size != 0) {
+	/*
+	 * Make sure we can actually read sudoers so we can present the
+	 * user with a reasonable error message.
+	 */
+	if (fgetc(fp) == EOF)
+	log_error(USE_ERRNO, can't read %s, sudoers);
+	rewind(fp);
+	}
+
+	(void) fcntl(fileno(fp), F_SETFD, 1);
 }
-(void) fcntl(fileno(fp), F_SETFD, 1);
 
 set_perms(PERM_ROOT);		/* change back to root */
 return(fp);
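Review bot: moving `(void) fcntl(fileno(fp), F_SETFD, 1);` into the else branch means fileno() now runs only after fopen() succeeded, which removes the NULL dereference, but the mode/owner/group checks earlier in this function still log with NO_EXIT and fall through to return(fp) with fp == NULL, so the fix is only complete if every caller of this function tests the returned pointer before using it; the description says the process fails only when no source is valid, so please name the caller that implements that fallback. Two smaller points: the body of the new `if (statbuf.st_size != 0) {` block is indented at the same level as the `if` itself, so the comment and the fgetc() check read as if they were outside the block, and `F_SETFD, 1` would be clearer as `F_SETFD, FD_CLOEXEC`.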


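To make the failure mode in this thread concrete (a non-fatal check failure leaves fp NULL and the later fileno(fp) call dereferences it), here is an added stand-alone C example; it is not code from sudo and not part of either patch above. It keeps the order of checks from sudo 1.7.0's open_sudoers() but leaves out the uid/gid checks so it runs unprivileged, and the names open_policy_file, open_first_valid, make_policy, probe_path, probe_mode and POLICY_MODE are assumptions for this example. The close-on-exec call is reached only after fopen() succeeded, and the multi-source caller fails only when every source is rejected, which is the behaviour the 2009-07-05 patch aims for.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

#define POLICY_MODE 0440   /* the mode sudo 1.7.0 requires (SUDOERS_MODE) */

/* Why open_policy_file() returned NULL, so a caller can log and move on. */
enum policy_err { POLICY_OK = 0, POLICY_STAT, POLICY_NOTREG, POLICY_BADMODE,
                  POLICY_OPEN, POLICY_READ };

/* Same check order as sudo's open_sudoers() (uid/gid checks omitted so this
 * runs unprivileged).  Every rejection returns NULL without touching fp, and
 * fileno() is reached only after fopen() succeeded; with a 0640 file the
 * 1.7.0 code logged a non-fatal error and then called fileno(NULL). */
FILE *open_policy_file(const char *path, enum policy_err *why)
{
    struct stat sb;
    FILE *fp;

    if (stat(path, &sb) != 0)                { *why = POLICY_STAT;    return NULL; }
    if (!S_ISREG(sb.st_mode))                { *why = POLICY_NOTREG;  return NULL; }
    if ((sb.st_mode & 07777) != POLICY_MODE) { *why = POLICY_BADMODE; return NULL; }
    if ((fp = fopen(path, "r")) == NULL)     { *why = POLICY_OPEN;    return NULL; }
    if (sb.st_size != 0) {                   /* readability probe, as in sudo */
        if (fgetc(fp) == EOF) { fclose(fp); *why = POLICY_READ; return NULL; }
        rewind(fp);
    }
    (void) fcntl(fileno(fp), F_SETFD, FD_CLOEXEC);   /* fp is non-NULL here */
    *why = POLICY_OK;
    return fp;
}

/* Walk the configured sources; fail only when none of them is usable. */
FILE *open_first_valid(const char *const *paths, size_t n, enum policy_err *last)
{
    *last = POLICY_STAT;
    for (size_t i = 0; i < n; i++) {
        FILE *fp = open_policy_file(paths[i], last);
        if (fp != NULL)
            return fp;
        fprintf(stderr, "skipping %s (reason %d)\n", paths[i], (int) *last);
    }
    return NULL;
}

/* Demo helper: turn the mkstemp template in path into a constructed policy
 * file (one made-up sudoers line) with the requested permission bits. */
int make_policy(char *path, mode_t mode)
{
    static const char body[] = "root ALL=(ALL) ALL\n";
    int fd = mkstemp(path);

    if (fd < 0)
        return -1;
    if (write(fd, body, sizeof body - 1) < 0 || fchmod(fd, mode) != 0) {
        close(fd);
        return -1;
    }
    return close(fd);
}

/* Demo helper: reason code for an existing path (handle closed again). */
enum policy_err probe_path(const char *path)
{
    enum policy_err why;
    FILE *fp = open_policy_file(path, &why);
    if (fp != NULL)
        fclose(fp);
    return why;
}

/* Demo helper: reason code for a fresh temp file with the given mode. */
enum policy_err probe_mode(mode_t mode)
{
    char path[] = "/tmp/policy.XXXXXX";
    enum policy_err why;
    if (make_policy(path, mode) != 0)
        return POLICY_STAT;
    why = probe_path(path);
    unlink(path);
    return why;
}

int main(void)
{
    char bad[] = "/tmp/policy.XXXXXX", good[] = "/tmp/policy.XXXXXX";
    const char *sources[] = { bad, good };
    enum policy_err why;
    FILE *fp;

    if (make_policy(bad, 0640) != 0 || make_policy(good, 0440) != 0)
        return 1;
    fp = open_first_valid(sources, 2, &why);   /* the 0640 source is skipped */
    printf("%s\n", fp ? "opened the 0440 source" : "no usable policy source");
    if (fp != NULL)
        fclose(fp);
    unlink(bad);
    unlink(good);
    return 0;
}
```

Compile with `cc -o policy policy.c` and run it; the first, 0640 source is reported on stderr and skipped, and the 0440 source is opened. The point of the ordering is that the only place a FILE* is dereferenced is after the branch that created it, so a rejected file can never reach fileno().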
Bug#535792: Segfaults to bad sudoers file

2009-07-04 Thread Rafael Cunha de Almeida
Package: sudo
Version: 1.7.0-1
Severity: normal


If the /etc/sudoers file mode is set to 0640, then executing the sudo
program will cause a Segmentation Fault. The segmentation fault
happens when ``fileno'' is called with a NULL parameter (line 1084 of
file sudo.c). That doesn't seem exploitable, although certainly a
bug.

Attached is a patch which fixes that issue. I made it so all errors
handled by open_sudoers are fatal. That seems reasonable to me, but
someone with a better understanding of the whole code should probably
check it out.

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.30-1-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages sudo depends on:
ii  libc6           2.9-18   GNU C Library: Shared libraries
ii  libpam-modules  1.0.1-9  Pluggable Authentication Modules f
ii  libpam0g        1.0.1-9  Pluggable Authentication Modules l

sudo recommends no packages.

sudo suggests no packages.

-- no debconf information
diff -ur sudo-1.7.0.orig/sudo.c sudo-1.7.0/sudo.c
--- sudo-1.7.0.orig/sudo.c	2009-07-05 00:11:50.0 -0400
+++ sudo-1.7.0/sudo.c	2009-07-04 23:56:33.0 -0400
@@ -1057,18 +1057,18 @@
 set_perms(PERM_SUDOERS);
 
 if (rootstat != 0  stat_sudoers(sudoers, statbuf) != 0)
-	log_error(USE_ERRNO|NO_EXIT, can't stat %s, sudoers);
+	log_error(USE_ERRNO, can't stat %s, sudoers);
 else if (!S_ISREG(statbuf.st_mode))
-	log_error(NO_EXIT, %s is not a regular file, sudoers);
+	log_error(0, %s is not a regular file, sudoers);
 else if ((statbuf.st_mode  0) != SUDOERS_MODE)
-	log_error(NO_EXIT, %s is mode 0%o, should be 0%o, sudoers,
+	log_error(0, %s is mode 0%o, should be 0%o, sudoers,
 	(unsigned int) (statbuf.st_mode  0),
 	(unsigned int) SUDOERS_MODE);
 else if (statbuf.st_uid != SUDOERS_UID)
-	log_error(NO_EXIT, %s is owned by uid %lu, should be %lu, sudoers,
+	log_error(0, %s is owned by uid %lu, should be %lu, sudoers,
 	(unsigned long) statbuf.st_uid, (unsigned long) SUDOERS_UID);
 else if (statbuf.st_gid != SUDOERS_GID)
-	log_error(NO_EXIT, %s is owned by gid %lu, should be %lu, sudoers,
+	log_error(0, %s is owned by gid %lu, should be %lu, sudoers,
 	(unsigned long) statbuf.st_gid, (unsigned long) SUDOERS_GID);
 else if ((fp = fopen(sudoers, r)) == NULL)
 	log_error(USE_ERRNO, can't open %s, sudoers);
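Review bot: dropping NO_EXIT from every log_error() call in this chain makes each sanity check fatal, which does prevent the later fileno(NULL) crash, but it also changes behaviour: a sudoers source with the wrong mode or owner now aborts sudo instead of returning NULL so the caller can try another source (the follow-up message in this thread makes the same point). The narrower fix is to leave these checks non-fatal and only dereference fp in the branch where fopen() has succeeded. Note also that this hunk stops at the `fopen(sudoers, r)` check and never reaches the fcntl(fileno(fp), ...) line (1084 in the report) where the crash happens, so the diff itself does not show the path it is meant to close; including that context would make the review easier.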