Bug#980364: sudo: segfault when /var/lib/sudo/lectured not writable
Hi Marc,

> Is it ok for you if I close this bug?

Sure.

> > Most likely unrelated, but one thing I did notice when checking the
> > code is that sudo_mkdir_parents might UB if path is an empty string,
> > since it first does "char *slash = path; strchr (slash + 1, '/');".
> >
> > Now I don't know if it's actually possible that it's called with an
> > empty string, so it might not be an actual bug, but since I see it's
> > coded very defensively overall, an empty string check here might not
> > hurt.
>
> Would it be ok for you to file an issue in upstream's bugzilla? Or would
> it be more comfortable for you if I took this issue upstream? It is
> generally more useful when the bug reporter has a direct communications
> link to upstream in such cases.

I'd prefer if you do it. I don't really have anything more to say
about it, nor any kind of test case. (As I said, it may not even be
a bug, just a matter of defensive programming.)

Greetings,
Frank

Bug#980364: sudo: segfault when /var/lib/sudo/lectured not writable
Hi Frank,

thanks for your answer!

On Mon, Mar 08, 2021 at 01:04:36AM +0100, Frank Heckenbach wrote:
> Unfortunately, I can't easily try to reproduce it, either. (It was a
> server, so we had to quickly reboot it to get it running again and
> replace the defective disk soon after; when it happened, I didn't
> have much time to do further tests, and without gdb or strace
> available for a suid program, my options were very limited, anyway.)
> So I guess we have to leave it at that.

Is it ok for you if I close this bug?

> Most likely unrelated, but one thing I did notice when checking the
> code is that sudo_mkdir_parents might UB if path is an empty string,
> since it first does "char *slash = path; strchr (slash + 1, '/');".
>
> Now I don't know if it's actually possible that it's called with an
> empty string, so it might not be an actual bug, but since I see it's
> coded very defensively overall, an empty string check here might not
> hurt.

Would it be ok for you to file an issue in upstream's bugzilla? Or would
it be more comfortable for you if I took this issue upstream? It is
generally more useful when the bug reporter has a direct communications
link to upstream in such cases.

Greetings
Marc

-- 
Marc Haber         | "I don't trust Computers. They | Mail address in header
Leimen, Germany    |  lose things."    Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421

Bug#980364: sudo: segfault when /var/lib/sudo/lectured not writable
> > On a system with disk errors, which had therefore remounted its
> > file systems read-only, I tried to sudo in order to do further
> > diagnostics as root, but sudo crashed with a segfault.
>
> I tried reproducing this with sudo 1.8.27-1+deb10u3, on a clean file
> system, mounted read-only, on /var/lib/sudo:
> and then tried to become root from a normal user account:
>
> The timestamp, in this case, gets written to /run/sudo, which is a tmpfs
> on Debian systems. After sudo -k, another try to invoke sudo will result
> in the lecture being repeated. I don't see a segfault in any of these
> cases, and root privileges were obtained, making repair work possible.
>
> Could it be possible that the filesystem was not only mounted read-only,
> but also broken or wrongfully mounted? Please note that you received an
> Input/Output error, while my tests ended with "Read-only file system".

Probably. I had misinterpreted the segfault as a consequence of the
reported write error because it was shown right after it. I've now
checked the code and see that sudo does continue properly after this
particular error, which is good, though it means that the segfault
could be from any code run afterwards -- or it could be a
consequence of sudo itself or one of its libraries corrupted on
loading.

Unfortunately, I can't easily try to reproduce it, either. (It was a
server, so we had to quickly reboot it to get it running again and
replace the defective disk soon after; when it happened, I didn't
have much time to do further tests, and without gdb or strace
available for a suid program, my options were very limited, anyway.)
So I guess we have to leave it at that.

Most likely unrelated, but one thing I did notice when checking the
code is that sudo_mkdir_parents might UB if path is an empty string,
since it first does "char *slash = path; strchr (slash + 1, '/');".

Now I don't know if it's actually possible that it's called with an
empty string, so it might not be an actual bug, but since I see it's
coded very defensively overall, an empty string check here might not
hurt.

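The empty-string concern raised in the message above, shown as an added example that is not sudo's code and not part of the original thread: a parent-directory walk using the same `strchr(slash + 1, '/')` pattern, with the guard in front of it. `visit_parents`, `record` and `struct seen` are hypothetical names, and the callback stands in for the actual mkdir step.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names throughout; this is not sudo's sudo_mkdir_parents(). */
struct seen { char last[256]; int n; };
typedef int (*parent_cb)(const char *prefix, void *arg);

/* Sample callback: remember the most recent parent prefix. */
static int record(const char *prefix, void *arg)
{
    struct seen *s = arg;
    snprintf(s->last, sizeof(s->last), "%s", prefix);
    s->n++;
    return 0;
}

/* Call cb for each parent directory prefix of path, as a mkdir-parents loop
 * would. Returns the number of prefixes visited, or -1 on invalid input
 * (errno = EINVAL) or when the callback reports failure. */
int visit_parents(char *path, parent_cb cb, void *arg)
{
    char *slash = path;
    int count = 0;

    /* For "", path + 1 is one past the terminating NUL, so the strchr()
     * below would read outside the string. Reject it up front. */
    if (path == NULL || path[0] == '\0') {
        errno = EINVAL;
        return -1;
    }
    while ((slash = strchr(slash + 1, '/')) != NULL) {
        int rc;
        *slash = '\0';      /* cut the string at this component */
        rc = cb(path, arg);
        *slash = '/';       /* restore before continuing or returning */
        if (rc != 0)
            return -1;
        count++;
    }
    return count;
}

int main(void)
{
    char path[] = "/var/lib/sudo/lectured";  /* path taken from the report */
    struct seen s = { "", 0 };
    int n = visit_parents(path, record, &s);
    printf("%d parents, last: %s\n", n, s.last);
    return 0;
}
```
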
Bug#980364: sudo: segfault when /var/lib/sudo/lectured not writable
tags #980364 unreproducible
thanks

On Mon, Jan 18, 2021 at 07:09:35AM +0100, Frank Heckenbach wrote:
> Package: sudo
> Version: 1.8.27-1+deb10u2
> Severity: normal
>
> On a system with disk errors, which had therefore remounted its
> file systems read-only, I tried to sudo in order to do further
> diagnostics as root, but sudo crashed with a segfault.

I tried reproducing this with sudo 1.8.27-1+deb10u3, on a clean file
system, mounted read-only, on /var/lib/sudo:

|root@testbuster83:~# df -h
|Filesystem      Size  Used Avail Use% Mounted on
|udev            164M     0  164M   0% /dev
|tmpfs            36M  4.5M   32M  13% /run
|/dev/vda1       2.6G  1.5G  970M  60% /
|tmpfs           179M     0  179M   0% /dev/shm
|tmpfs           5.0M     0  5.0M   0% /run/lock
|tmpfs           179M     0  179M   0% /sys/fs/cgroup
|tmpfs            36M     0   36M   0% /run/user/1001
|root@testbuster83:~# mount -o ro /dev/vdb /var/lib/sudo/
|root@testbuster83:~# ls -al /var/lib/sudo/
|total 24
|drwxr-xr-x  3 root root  4096 Feb 22 16:16 .
|drwxr-xr-x 27 root root  4096 Aug 27 07:54 ..
|drwx------  2 root root 16384 Feb 22 16:14 lost+found
|root@testbuster83:~# df -h
|Filesystem      Size  Used Avail Use% Mounted on
|udev            164M     0  164M   0% /dev
|tmpfs            36M  4.5M   32M  13% /run
|/dev/vda1       2.6G  1.5G  970M  60% /
|tmpfs           179M     0  179M   0% /dev/shm
|tmpfs           5.0M     0  5.0M   0% /run/lock
|tmpfs           179M     0  179M   0% /sys/fs/cgroup
|tmpfs            36M     0   36M   0% /run/user/1001
|/dev/vdb        976M  2.6M  907M   1% /var/lib/sudo
|root@testbuster83:~#

and then tried to become root from a normal user account:

|[20/2553]mh@testbuster83:~ $ sudo id
|
|We trust you have received the usual lecture from the local System
|Administrator. It usually boils down to these three things:
|
|#1) Respect the privacy of others.
|#2) Think before you type.
|#3) With great power comes great responsibility.
|
|[sudo] password for mh:
|sudo: unable to mkdir /var/lib/sudo/lectured: Read-only file system
|uid=0(root) gid=0(root) groups=0(root)
|[21/2554]mh@testbuster83:~ $

The timestamp, in this case, gets written to /run/sudo, which is a tmpfs
on Debian systems. After sudo -k, another try to invoke sudo will result
in the lecture being repeated. I don't see a segfault in any of these
cases, and root privileges were obtained, making repair work possible.

Could it be possible that the filesystem was not only mounted read-only,
but also broken or wrongfully mounted? Please note that you received an
Input/Output error, while my tests ended with "Read-only file system".

The Input/Output error case is a lot harder to reproduce, and one can
discuss whether it's ok to segfault on a system that is already sick.

Would it be ok for you to take the segfault issue upstream yourself once
you have found a way to reliably reproduce the issue?

Greetings
Marc

Bug#980364: sudo: segfault when /var/lib/sudo/lectured not writable
Package: sudo
Version: 1.8.27-1+deb10u2
Severity: normal

On a system with disk errors, which had therefore remounted its
file systems read-only, I tried to sudo in order to do further
diagnostics as root, but sudo crashed with a segfault.

I think it should be possible (perhaps with a special option) to
continue without writing this file, even if it means I'll be
lectured again if I run sudo again soon. In a situation like this,
it might be more important to get root access at all.

Even if it won't do this, a segfault is certainly a bug.

% sudo su

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.

[sudo] password for frank:
sudo: unable to mkdir /var/lib/sudo/lectured: Input/output error
Segmentation fault

-- System Information:
Debian Release: 10.7
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-debug'), (500, 'proposed-updates-debug'), (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.6.0-0.bpo.2-amd64 (SMP w/24 CPU cores)
Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-1), LANGUAGE=de_DE (charmap=ISO-8859-1)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages sudo depends on:
ii  libaudit1       1:2.8.4-3
ii  libc6           2.28-10
ii  libpam-modules  1.3.1-5
ii  libpam0g        1.3.1-5
ii  libselinux1     2.8-1+b1
ii  lsb-base        10.2019051400

sudo recommends no packages.

sudo suggests no packages.

-- no debconf information