pkgsrc-Bugs archive
Re: pkg/45326: security/sudo dies
The following reply was made to PR pkg/45326; it has been noted by GNATS.
From: Hauke Fath <hf%spg.tu-darmstadt.de@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc: pkg-manager%NetBSD.org@localhost, gnats-admin%NetBSD.org@localhost
Subject: Re: pkg/45326: security/sudo dies
Date: Tue, 6 Sep 2011 11:30:40 +0200
sudo appears to disable dumping core. In addition to setting
kern.coredump.setid.dump=1, building with

    # Debugging aids
    CFLAGS+=		-g -DSUDO_DEVEL
    INSTALL_UNSTRIPPED =	yes

results in a proper core file.
[hauke@pizza] /<5>work/sudo-1.7.7 # gdb ./sudo /var/crash/sudo.core
GNU gdb 6.5
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "sparc--netbsdelf"...
Reading symbols from /usr/lib/libutil.so.7...done.
Loaded symbols for /usr/lib/libutil.so.7
Reading symbols from /usr/lib/libskey.so.2...done.
Loaded symbols for /usr/lib/libskey.so.2
Reading symbols from /usr/lib/libcrypt.so.1...done.
Loaded symbols for /usr/lib/libcrypt.so.1
Reading symbols from /usr/lib/libz.so.1...done.
Loaded symbols for /usr/lib/libz.so.1
Reading symbols from /usr/lib/libsparc_v8.so.0...done.
Loaded symbols for /usr/lib/libsparc_v8.so.0
Reading symbols from /usr/lib/libc.so.12...done.
Loaded symbols for /usr/lib/libc.so.12
Reading symbols from /usr/libexec/ld.elf_so...done.
Loaded symbols for /usr/libexec/ld.elf_so
Core was generated by `sudo'.
Program terminated with signal 10, Bus error.
#0 0x00024bf0 in make_pwitem (pw=0x40269408, name=0x0) at ./pwutil.c:178
178 memcpy(newpw, pw, sizeof(struct passwd));
(gdb) bt
#0 0x00024bf0 in make_pwitem (pw=0x40269408, name=0x0) at ./pwutil.c:178
#1 0x00024dac in sudo_getpwuid (uid=100) at ./pwutil.c:252
#2 0x0001d250 in init_vars (envp=<value optimized out>) at ./sudo.c:661
#3 0x0001e0a8 in main (argc=2, argv=0xefffe9cc, envp=0xefffe9d8) at ./sudo.c:271
(gdb) print newpw
$1 = (struct passwd *) 0x4031c08c
(gdb) print pw
$2 = (const struct passwd *) 0x40269408
(gdb)
pwutil.c has
[...]
static struct cache_item *
make_pwitem(pw, name)
    const struct passwd *pw;
    const char *name;
{
    char *cp;
    const char *pw_shell;
    size_t nsize, psize, csize, gsize, dsize, ssize, total;
    struct cache_item *item;
    struct passwd *newpw;

    /* If shell field is empty, expand to _PATH_BSHELL. */
    pw_shell = (pw->pw_shell == NULL || pw->pw_shell[0] == '\0')
        ? _PATH_BSHELL : pw->pw_shell;

    /* Allocate in one big chunk for easy freeing. */
    nsize = psize = csize = gsize = dsize = ssize = 0;
    total = sizeof(struct cache_item) + sizeof(struct passwd);
    FIELD_SIZE(pw, pw_name, nsize);
    FIELD_SIZE(pw, pw_passwd, psize);
#ifdef HAVE_LOGIN_CAP_H
    FIELD_SIZE(pw, pw_class, csize);
#endif
    FIELD_SIZE(pw, pw_gecos, gsize);
    FIELD_SIZE(pw, pw_dir, dsize);
    /* Treat shell specially since we expand "" -> _PATH_BSHELL */
    ssize = strlen(pw_shell) + 1;
    total += ssize;
    if (name != NULL)
        total += strlen(name) + 1;

    /* Allocate space for struct item, struct passwd and the strings. */
    if ((item = malloc(total)) == NULL)
        return NULL;
    cp = (char *) item + sizeof(struct cache_item);

    /*
     * Copy in passwd contents and make strings relative to space
     * at the end of the buffer.
     */
    newpw = (struct passwd *) cp;
    memcpy(newpw, pw, sizeof(struct passwd));        <-- *BUS ERROR*
-- can somebody with sufficient SPARC fu comment on potential alignment
issues of the "cp = (char *) item ..." line?
hauke
See also <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640304>.
--
The ASCII Ribbon Campaign          Hauke Fath
 () No HTML/RTF in email           Institut für Nachrichtentechnik
 /\ No Word docs in email          TU Darmstadt
Respect for open standards         Ruf +49-6151-16-3281
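Added example (not part of the PR above, and not sudo's code): the question in the report is whether placing a struct passwd directly after a struct cache_item in one malloc()ed chunk leaves the passwd misaligned on SPARC. The program below reproduces that layout with two constructed stand-in structures, struct hdr (deliberately 5 bytes long) and struct payload, checks whether the sub-object pointer satisfies its type's alignment, and shows the usual fix of rounding the header offset up to _Alignof() of the following type. The payload is only written when the check passes, since a misaligned word store on a strict-alignment CPU raises SIGBUS, which is the signal in the core above. Whether sudo's real cache_item has a size that triggers this is not something the example can tell; it only shows how to check.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Constructed stand-ins for sudo's cache_item/passwd pair (not sudo's own
 * definitions). The header is deliberately 5 bytes long so that an object
 * placed immediately after it lands on an odd address. */
struct hdr {
    char tag[5];
};

struct payload {
    double d;
    long   l;
};

/* Round n up to the next multiple of align; align must be a power of two. */
static size_t round_up(size_t n, size_t align)
{
    return (n + align - 1) & ~(align - 1);
}

/* Return 1 if p satisfies an alignment requirement of 'align' bytes. */
static int is_aligned(const void *p, size_t align)
{
    return ((uintptr_t)p & (uintptr_t)(align - 1)) == 0;
}

/* Offset of the payload within the chunk: either the naive sizeof(header)
 * value, as in "cp = (char *) item + sizeof(struct cache_item)", or that
 * value rounded up to the payload's own alignment requirement. */
static size_t payload_offset(int rounded)
{
    size_t need = _Alignof(struct payload);
    return rounded ? round_up(sizeof(struct hdr), need) : sizeof(struct hdr);
}

/* Lay out header followed by payload in one malloc()ed chunk, the way
 * make_pwitem() lays out a cache_item followed by a passwd. Returns 1 when
 * the payload pointer is aligned for its type, 0 when it is not, -1 on
 * allocation failure. The payload is only written when aligned: a strict-
 * alignment CPU such as SPARC raises SIGBUS on a misaligned word store. */
static int place_payload(int rounded)
{
    size_t need = _Alignof(struct payload);
    size_t off = payload_offset(rounded);
    char *chunk = malloc(off + sizeof(struct payload));
    struct payload *p;
    int ok;

    if (chunk == NULL)
        return -1;
    p = (struct payload *)(chunk + off);
    ok = is_aligned(p, need);
    if (ok) {
        memset(p, 0, sizeof(*p));   /* the memcpy-style store from the report */
        p->l = 42;
    }
    free(chunk);
    return ok;
}

int main(void)
{
    printf("sizeof(struct hdr) = %zu, _Alignof(struct payload) = %zu\n",
           sizeof(struct hdr), (size_t)_Alignof(struct payload));
    printf("naive offset %zu: payload aligned = %d\n",
           payload_offset(0), place_payload(0));
    printf("rounded offset %zu: payload aligned = %d\n",
           payload_offset(1), place_payload(1));
    return 0;
}
```

On x86 the misaligned store in the naive case would silently succeed, which is why this kind of layout bug tends to show up only on SPARC and similar strict-alignment platforms; the is_aligned() check makes it visible everywhere.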