Package: sudo
Version: 1.9.1-1
Severity: critical
Justification: breaks unrelated software
Dear Maintainer,
Hi there,
when uncommenting the "include" directive in /etc/sudoers:
includedir /etc/sudoers.d
then sudo crashes with a segmentation fault (stacktrace generated on
debian/unstable -- see version info below this stacktrace):
gdb -batch -n -ex 'set pagination off' -ex run -ex bt -ex 'bt full' -ex 'thread
apply all bt full' --args sudo ls
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Program received signal SIGSEGV, Segmentation fault.
0x0000000000000000 in ?? ()
#0 0x0000000000000000 in ?? ()
#1 0x00007ffa722fddbc in sudoerserror (s=0x7ffa72324082 "syntax error") at
gram.y:953
#2 0x00007ffa722fe9dc in sudoersparse () at gram.c:1248
#3 0x00007ffa722d8657 in sudo_file_parse (nss=0x7ffa7233f500 <sudo_nss_file>)
at ../../../plugins/sudoers/file.c:102
#4 0x00007ffa722ef596 in sudoers_init (info=info@entry=0x7ffc614930d0,
envp=envp@entry=0x7ffc61493430) at ../../../plugins/sudoers/sudoers.c:207
#5 0x00007ffa722f9540 in sudoers_audit_open (version=<optimized out>,
conversation=<optimized out>, plugin_printf=<optimized out>,
settings=0x559b286b9830, user_info=0x559b286b5d00, submit_optind=<optimized
out>, submit_argv=0x7ffc61493418, submit_envp=0x7ffc61493430,
plugin_options=0x0, errstr=0x7ffc614931c0) at
../../../plugins/sudoers/audit.c:158
#6 0x0000559b28448207 in audit_open_int (errstr=0x7ffc614931c0,
submit_envp=0x7ffc61493430, submit_argv=0x7ffc61493418, submit_optind=1,
user_info=0x559b286b5d00, settings=0x559b2846d5c0 <sudo_settings>,
plugin=0x559b286b9a40) at ../../src/sudo.c:1543
#7 audit_open (submit_envp=0x7ffc61493430, submit_argv=0x7ffc61493418,
submit_optind=1, user_info=0x559b286b5d00, settings=0x559b2846d5c0
<sudo_settings>) at ../../src/sudo.c:1563
#8 main (argc=<optimized out>, argv=0x7ffc61493418, envp=0x7ffc61493430) at
../../src/sudo.c:238
#0 0x0000000000000000 in ?? ()
No symbol table info available.
#1 0x00007ffa722fddbc in sudoerserror (s=0x7ffa72324082 "syntax error") at
gram.y:953
fmt = ">>> %s: %s near line %d <<<\n"
oldlocale = 1
sudo_debug_subsys = 0
__func__ = "sudoerserror"
#2 0x00007ffa722fe9dc in sudoersparse () at gram.c:1248
yym = <optimized out>
yyn = <optimized out>
yystate = 23
#3 0x00007ffa722d8657 in sudo_file_parse (nss=0x7ffa7233f500 <sudo_nss_file>)
at ../../../plugins/sudoers/file.c:102
sudo_debug_subsys = 0
__func__ = "sudo_file_parse"
handle = 0x559b286be510
#4 0x00007ffa722ef596 in sudoers_init (info=info@entry=0x7ffc614930d0,
envp=envp@entry=0x7ffc61493430) at ../../../plugins/sudoers/sudoers.c:207
nss = 0x7ffa7233f500 <sudo_nss_file>
nss_next = 0x0
oldlocale = 0
sources = 0
ret = -1
sudo_debug_subsys = 0
__func__ = "sudoers_init"
#5 0x00007ffa722f9540 in sudoers_audit_open (version=<optimized out>,
conversation=<optimized out>, plugin_printf=<optimized out>,
settings=0x559b286b9830, user_info=0x559b286b5d00, submit_optind=<optimized
out>, submit_argv=0x7ffc61493418, submit_envp=0x7ffc61493430,
plugin_options=0x0, errstr=0x7ffc614931c0) at
../../../plugins/sudoers/audit.c:158
debug_files = {tqh_first = 0x0, tqh_last = 0x7ffc614930c0}
info = {settings = 0x559b286b9830, user_info = 0x559b286b5d00,
plugin_args = 0x0}
cp = <optimized out>
plugin_path = <optimized out>
cur = <optimized out>
ret = <optimized out>
sudo_debug_subsys = 0
__func__ = "sudoers_audit_open"
#6 0x0000559b28448207 in audit_open_int (errstr=0x7ffc614931c0,
submit_envp=0x7ffc61493430, submit_argv=0x7ffc61493418, submit_optind=1,
user_info=0x559b286b5d00, settings=0x559b2846d5c0 <sudo_settings>,
plugin=0x559b286b9a40) at ../../src/sudo.c:1543
plugin_settings = 0x559b286b9830
ret = <optimized out>
sudo_debug_subsys = 576
plugin_settings = <optimized out>
ret = <optimized out>
sudo_debug_subsys = <optimized out>
__func__ = "audit_open_int"
sudo_debug_ret = <optimized out>
sudo_debug_ret = <optimized out>
#7 audit_open (submit_envp=0x7ffc61493430, submit_argv=0x7ffc61493418,
submit_optind=1, user_info=0x559b286b5d00, settings=0x559b2846d5c0
<sudo_settings>) at ../../src/sudo.c:1563
ok = <optimized out>
plugin = 0x559b286b9a40
next = 0x0
errstr = 0x0
sudo_debug_subsys = 576
plugin = <optimized out>
next = <optimized out>
errstr = <optimized out>
sudo_debug_subsys = <optimized out>
__func__ = "audit_open"
ok = <optimized out>
#8 main (argc=<optimized out>, argv=0x7ffc61493418, envp=0x7ffc61493430) at
../../src/sudo.c:238
nargc = 1
status = 0
nargv = 0x7ffc61493420
env_add = 0x0
user_info = 0x559b286b5d00
command_info = 0x0
argv_out = 0x0
user_env_out = 0x0
settings = 0x559b2846d5c0 <sudo_settings>
submit_optind = 1
mask = {__val = {0 <repeats 16 times>}}
__func__ = "main"
Thread 1 (Thread 0x7ffa72670d00 (LWP 80147)):
#0 0x0000000000000000 in ?? ()
No symbol table info available.
#1 0x00007ffa722fddbc in sudoerserror (s=0x7ffa72324082 "syntax error") at
gram.y:953
fmt = ">>> %s: %s near line %d <<<\n"
oldlocale = 1
sudo_debug_subsys = 0
__func__ = "sudoerserror"
#2 0x00007ffa722fe9dc in sudoersparse () at gram.c:1248
yym = <optimized out>
yyn = <optimized out>
yystate = 23
#3 0x00007ffa722d8657 in sudo_file_parse (nss=0x7ffa7233f500 <sudo_nss_file>)
at ../../../plugins/sudoers/file.c:102
sudo_debug_subsys = 0
__func__ = "sudo_file_parse"
handle = 0x559b286be510
#4 0x00007ffa722ef596 in sudoers_init (info=info@entry=0x7ffc614930d0,
envp=envp@entry=0x7ffc61493430) at ../../../plugins/sudoers/sudoers.c:207
nss = 0x7ffa7233f500 <sudo_nss_file>
nss_next = 0x0
oldlocale = 0
sources = 0
ret = -1
sudo_debug_subsys = 0
__func__ = "sudoers_init"
#5 0x00007ffa722f9540 in sudoers_audit_open (version=<optimized out>,
conversation=<optimized out>, plugin_printf=<optimized out>,
settings=0x559b286b9830, user_info=0x559b286b5d00, submit_optind=<optimized
out>, submit_argv=0x7ffc61493418, submit_envp=0x7ffc61493430,
plugin_options=0x0, errstr=0x7ffc614931c0) at
../../../plugins/sudoers/audit.c:158
debug_files = {tqh_first = 0x0, tqh_last = 0x7ffc614930c0}
info = {settings = 0x559b286b9830, user_info = 0x559b286b5d00,
plugin_args = 0x0}
cp = <optimized out>
plugin_path = <optimized out>
cur = <optimized out>
ret = <optimized out>
sudo_debug_subsys = 0
__func__ = "sudoers_audit_open"
#6 0x0000559b28448207 in audit_open_int (errstr=0x7ffc614931c0,
submit_envp=0x7ffc61493430, submit_argv=0x7ffc61493418, submit_optind=1,
user_info=0x559b286b5d00, settings=0x559b2846d5c0 <sudo_settings>,
plugin=0x559b286b9a40) at ../../src/sudo.c:1543
plugin_settings = 0x559b286b9830
ret = <optimized out>
sudo_debug_subsys = 576
plugin_settings = <optimized out>
ret = <optimized out>
sudo_debug_subsys = <optimized out>
__func__ = "audit_open_int"
sudo_debug_ret = <optimized out>
sudo_debug_ret = <optimized out>
#7 audit_open (submit_envp=0x7ffc61493430, submit_argv=0x7ffc61493418,
submit_optind=1, user_info=0x559b286b5d00, settings=0x559b2846d5c0
<sudo_settings>) at ../../src/sudo.c:1563
ok = <optimized out>
plugin = 0x559b286b9a40
next = 0x0
errstr = 0x0
sudo_debug_subsys = 576
plugin = <optimized out>
next = <optimized out>
errstr = <optimized out>
sudo_debug_subsys = <optimized out>
__func__ = "audit_open"
ok = <optimized out>
#8 main (argc=<optimized out>, argv=0x7ffc61493418, envp=0x7ffc61493430) at
../../src/sudo.c:238
nargc = 1
status = 0
nargv = 0x7ffc61493420
env_add = 0x0
user_info = 0x559b286b5d00
command_info = 0x0
argv_out = 0x0
user_env_out = 0x0
settings = 0x559b2846d5c0 <sudo_settings>
submit_optind = 1
mask = {__val = {0 <repeats 16 times>}}
__func__ = "main"
8<---------------------------------8<---------------------------------8<---------------------------------8<---------------------------------
sudo --version
Sudo version 1.9.1
Configure options: --build=x86_64-linux-gnu --prefix=/usr
--includedir=${prefix}/include --mandir=${prefix}/share/man
--infodir=${prefix}/share/info --sysconfdir=/etc --localstatedir=/var
--disable-option-checking --disable-silent-rules
--libdir=${prefix}/lib/x86_64-linux-gnu
--libexecdir=${prefix}/lib/x86_64-linux-gnu --disable-maintainer-mode
--disable-dependency-tracking -v --with-all-insults --with-pam --with-fqdn
--with-logging=syslog --with-logfac=authpriv --with-env-editor --with-
editor=/usr/bin/editor --with-exampledir=/usr/share/doc/sudo/examples --with-
timeout=15 --with-password-timeout=0 --with-passprompt=[sudo] password for %p:
--disable-root-mailer --with-sendmail=/usr/sbin/sendmail --with-
rundir=/run/sudo --libexecdir=/usr/lib --with-sssd --with-sssd-
lib=/usr/lib/x86_64-linux-gnu --with-selinux --with-linux-audit --enable-
tmpfiles.d=yes
Sudoers policy plugin version 1.9.1
Sudoers file grammar version 48
Sudoers path: /etc/sudoers
Authentication methods: 'pam'
Syslog facility if syslog is being used for logging: authpriv
Syslog priority to use when user authenticates successfully: notice
Syslog priority to use when user authenticates unsuccessfully: alert
Send mail if user authentication fails
Send mail if the user is not in sudoers
Lecture user the first time they run sudo
Require users to authenticate by default
Root may run sudo
Allow some information gathering to give useful error messages
Require fully-qualified hostnames in the sudoers file
Visudo will honor the EDITOR environment variable
Set the LOGNAME and USER environment variables
Length at which to wrap log file lines (0 for no wrap): 80
Authentication timestamp timeout: 15.0 minutes
Password prompt timeout: 0.0 minutes
Number of tries to enter a password: 3
Umask to use or 0777 to use user's: 022
Path to mail program: /usr/sbin/sendmail
Flags for mail program: -t
Address to send mail to: root
Subject line for mail messages: *** SECURITY information for %h ***
Incorrect password message: Sorry, try again.
Path to lecture status dir: /var/lib/sudo/lectured
Path to authentication timestamp dir: /run/sudo/ts
Default password prompt: [sudo] password for %p:
Default user to run commands as: root
Value to override user's $PATH with:
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
Path to the editor for use by visudo: /usr/bin/editor
When to require a password for 'list' pseudocommand: any
When to require a password for 'verify' pseudocommand: all
File descriptors >= 3 will be closed before executing a command
Reset the environment to a default set of variables
Environment variables to check for sanity:
TZ
TERM
LINGUAS
LC_*
LANGUAGE
LANG
COLORTERM
Environment variables to remove:
*=()*
RUBYOPT
RUBYLIB
PYTHONUSERBASE
PYTHONINSPECT
PYTHONPATH
PYTHONHOME
TMPPREFIX
ZDOTDIR
READNULLCMD
NULLCMD
FPATH
PERL5DB
PERL5OPT
PERL5LIB
PERLLIB
PERLIO_DEBUG
JAVA_TOOL_OPTIONS
SHELLOPTS
BASHOPTS
GLOBIGNORE
PS4
BASH_ENV
ENV
TERMCAP
TERMPATH
TERMINFO_DIRS
TERMINFO
_RLD*
LD_*
PATH_LOCALE
NLSPATH
HOSTALIASES
RES_OPTIONS
LOCALDOMAIN
CDPATH
IFS
Environment variables to preserve:
XAUTHORIZATION
XAUTHORITY
PS2
PS1
PATH
LS_COLORS
KRB5CCNAME
HOSTNAME
DPKG_COLORS
DISPLAY
COLORS
Locale to use while parsing sudoers: C
Directory in which to store input/output logs: /var/log/sudo-io
File in which to store the input/output log: %{seq}
Add an entry to the utmp/utmpx file when allocating a pty
PAM service name to use: sudo
PAM service name to use for login shells: sudo
Attempt to establish PAM credentials for the target user
Create a new PAM session for the command to run in
Perform PAM account validation management
Enable sudoers netgroup support
Check parent directories for writability when editing files with sudoedit
Allow commands to be run even if sudo cannot write to the audit log
Allow commands to be run even if sudo cannot write to the log file
Log entries larger than this value will be split into multiple syslog messages:
960
File mode to use for the I/O log files: 0600
Execute commands by file descriptor instead of by path: digest_only
Type of authentication timestamp record: tty
Ignore case when matching user names
Ignore case when matching group names
Log when a command is allowed by sudoers
Log when a command is denied by sudoers
Sudo log server timeout in seconds: 30
Enable SO_KEEPALIVE socket option on the socket connected to the logserver
Verify that the log server's certificate is valid
Set the pam remote user to the user running sudo
Local IP address and netmask pairs:
192.168.1.190/255.255.255.0
fe80::9049:55ff:fed5:2654/ffff:ffff:ffff:ffff::
Sudoers I/O plugin version 1.9.1
Sudoers audit plugin version 1.9.1
8<---------------------------------8<---------------------------------8<---------------------------------8<---------------------------------
I have reported this upstream at https://bugzilla.sudo.ws/show_bug.cgi?id=934
-- System Information:
Debian Release: bullseye/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.7.0-1-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_USER
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages sudo depends on:
ii libaudit1 1:2.8.5-3+b1
ii libc6 2.30-8
ii libpam-modules 1.3.1-5
ii libpam0g 1.3.1-5
ii libselinux1 3.0-1+b3
ii lsb-base 11.1.0
sudo recommends no packages.
sudo suggests no packages.
-- Configuration Files:
/etc/sudoers [Errno 13] Permission denied: '/etc/sudoers'
/etc/sudoers.d/README [Errno 13] Permission denied: '/etc/sudoers.d/README'
-- no debconf information
