> > On a system with disk errors, which had therefore remounted its
> > file systems read-only, I tried to sudo in order to do further
> > diagnostics as root, but sudo crashed with a segfault.
> 
> I tried reproducing this with sudo 1.8.27-1+deb10u3, on a clean file
> system, mounted read-only, on /var/lib/sudo:
> and then tried to become root from a normal user account:
>
> The timestamp, in this case, gets written to /run/sudo, which is a tmpfs
> on Debian systems. After sudo -k, another try to invoke sudo will result
> in the lecture being repeated. I don't see a segfault in any of these
> cases, and root privileges were obtained, making repair work possible.
> 
> Could it be possible that the filesystem was not only mounted read-only,
> but also broken or wrongfully mounted? Please note that you received an
> Input/Output error, while my tests ended with "Read-only file system".

Probably. I had misinterpreted the segfault as a consequence of the
reported write error because it was shown right after it.

I've now checked the code and see that sudo does continue properly
after this particular error, which is good, though it means that the
segfault could be from any code run afterwards -- or it could be a
consequence of sudo itself or one of its libraries corrupted on
loading.

Unfortunately, I can't easily try to reproduce it, either. (It was a
server, so we had to quickly reboot it to get it running again and
replace the defective disk soon after; when it happened, I didn't
have much time to do further tests, and without gdb or strace
available for a suid program, my options were very limited, anyway.)
So I guess we have to leave it at that.

Most likely unrelated, but one thing I did notice when checking the
code is that sudo_mkdir_parents might UB if path is an empty string,
since it first does "char *slash = path; strchr (slash + 1, '/');".

Now I don't know if it's actually possible that it's called with an
empty string, so it might not be an actual bug, but since I see it's
coded very defensively overall, an empty string check here might not
hurt.
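The pattern discussed above, as an added example that is not sudo's own code: a parent-directory walk written in the same strchr(slash + 1, '/') style, with the suggested empty-string guard in front of it, plus a recorder callback so the walk can be exercised without touching the filesystem (mkdir_cb, mkdir_cb_real, mkdir_cb_record and mkdir_parents_checked are hypothetical names chosen here).

```c
#include <errno.h>
#include <stdbool.h>
#include <string.h>
#include <sys/stat.h>

/* Hypothetical callback type: receives each parent prefix in turn and returns 0 on
 * success. A real caller passes mkdir_cb_real; the test passes a recorder instead. */
typedef int (*mkdir_cb)(const char *dir, void *ctx);

/* mkdir(2) wrapper that tolerates an already-existing directory. */
static int mkdir_cb_real(const char *dir, void *ctx)
{
    (void)ctx;
    return (mkdir(dir, 0755) == 0 || errno == EEXIST) ? 0 : -1;
}

/* Recorder used in place of mkdir: remembers the prefixes it was handed. */
struct recorder { char seen[8][64]; int n; };
static int mkdir_cb_record(const char *dir, void *ctx)
{
    struct recorder *r = ctx;
    if (r->n >= 8 || strlen(dir) >= 64)
        return -1;
    strcpy(r->seen[r->n++], dir);
    return 0;
}

/* Create every parent of `path` in order ("/a/b/c" -> "/a", then "/a/b"). The guard
 * is the point: without it, strchr(slash + 1, '/') on "" starts one byte past the NUL. */
static bool mkdir_parents_checked(const char *path, mkdir_cb mk, void *ctx)
{
    char buf[4096];
    if (path == NULL || *path == '\0') {   /* guard for the empty path */
        errno = EINVAL;
        return false;
    }
    if (strlen(path) >= sizeof buf) {
        errno = ENAMETOOLONG;
        return false;
    }
    strcpy(buf, path);                      /* private copy to punch NULs into */
    /* Same walk as the snippet under discussion: search for the next '/' one byte
     * past the previous one, so buf[0] must exist for slash + 1 to be in bounds. */
    for (char *slash = buf; (slash = strchr(slash + 1, '/')) != NULL; ) {
        *slash = '\0';                      /* cut here: the prefix is one parent */
        if (mk(buf, ctx) != 0)
            return false;
        *slash = '/';
    }
    return true;
}
```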
