(sudo 1.9.8, compiled with LDAP support on FreeBSD 12.2-RELEASE-p10.)

When compiled with LDAP support sudo 1.9.8 produces a segmentation fault when running a command (e.g. "sudo ls"). Invocations such as "sudo -l" or "sudo -U <username> -l" where <username> is a user in LDAP work fine, it's just trying to run an actual command that ends in the segfault.

I tried a debug compile of sudo. This indicates that SIGSEGV is occurring at match.c:401:29 in the "cmnd_matches" function. The GUI function of LLDB suggests that this may be because "c" is set to "0x0000000000000000". (I'm absolutely not an expert at debugging; the above is pretty much what I was able to figure out via a Google search, so I'm afraid I can't really provide further help unless you can provide some clear steps for me to follow.)

I recompiled without LDAP support and "sudo ls" works as expected.

There have been some updates to the OpenLDAP port lately, so I don't know if this is an OpenLDAP issue or Sudo, but I do know that I can log in as a user from LDAP without issue, I just can't run sudo as that user.
Created attachment 227950
1.9.8p1 resolves the segfault

Upstream fix for LDAP segfault.
garga@: would you want me to commit this for you?

Sudo version 1.9.8 patchelevel 1 is now available which fixes a few regressions introduced in sudo 1.9.8.

Source:
    https://www.sudo.ws/dist/sudo-1.9.8p1.tar.gz
    ftp://ftp.sudo.ws/pub/sudo/sudo-1.9.8p1.tar.gz

SHA256 checksum:
    0939ee24df7095a92e0ca4aa3bd53b2a10965a7b921d51a26ab70cdd24388d69
MD5 checksum:
    ae9c8b32268f27d05bcdcb8f0c04d461

Binary packages:
    https://www.sudo.ws/download.html#binary
    https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_8

For a list of download mirror sites, see:
    https://www.sudo.ws/download_mirrors.html

Sudo web site:
    https://www.sudo.ws/

Sudo web site mirrors:
    https://www.sudo.ws/mirrors.html

Major changes between sudo 1.9.8p1 and 1.9.8:

 * Fixed support for passing a prompt (sudo -p) or a login class (sudo -c) on the command line. This is a regression introduced in sudo 1.9.8. Bug #993.

 * Fixed a crash with "sudo ALL" rules in the LDAP and SSSD back-ends. This is a regression introduced in sudo 1.9.8. Bug #994.

 * Fixed a compilation error when the --enable-static-sudoers configure option was specified. This is a regression introduced in sudo 1.9.8 caused by a symbol clash with the intercept and log server protobuf functions.
Approved. Thanks Cy!
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=549e87a5edcd9b96360d74b58dbfc04749bd0580

commit 549e87a5edcd9b96360d74b58dbfc04749bd0580
Author:     Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2021-09-17 15:27:46 +0000
Commit:     Cy Schubert <cy@FreeBSD.org>
CommitDate: 2021-09-17 15:33:01 +0000

    security/sudo: Update to 1.9.8p1 to fix LDAP SEGFAULT

    Sudo version 1.9.8 patchelevel 1 is now available which fixes a few regressions introduced in sudo 1.9.8.

    Source:
        https://www.sudo.ws/dist/sudo-1.9.8p1.tar.gz
        ftp://ftp.sudo.ws/pub/sudo/sudo-1.9.8p1.tar.gz

    SHA256 checksum:
        0939ee24df7095a92e0ca4aa3bd53b2a10965a7b921d51a26ab70cdd24388d69
    MD5 checksum:
        ae9c8b32268f27d05bcdcb8f0c04d461

    Binary packages:
        https://www.sudo.ws/download.html#binary
        https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_8

    For a list of download mirror sites, see:
        https://www.sudo.ws/download_mirrors.html

    Sudo web site:
        https://www.sudo.ws/

    Sudo web site mirrors:
        https://www.sudo.ws/mirrors.html

    Major changes between sudo 1.9.8p1 and 1.9.8:

     * Fixed support for passing a prompt (sudo -p) or a login class (sudo -c) on the command line. This is a regression introduced in sudo 1.9.8. Bug #993.

     * Fixed a crash with "sudo ALL" rules in the LDAP and SSSD back-ends. This is a regression introduced in sudo 1.9.8. Bug #994.

     * Fixed a compilation error when the --enable-static-sudoers configure option was specified. This is a regression introduced in sudo 1.9.8 caused by a symbol clash with the intercept and log server protobuf functions.

    PR:             258537
    Submitted by:   cy
    Reported by:    Adrian Waters <draenan _ gmail_com>
    Approved by:    garga (maintainer)
    MFH:            2021Q3

 security/sudo/Makefile | 2 +-
 security/sudo/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
Confirming that the update fixes my issue. Thanks for the quick response.
Pending MFH.
A commit in branch 2021Q3 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=5815766ccf2b3110ab88b174425da85a77aa814e

commit 5815766ccf2b3110ab88b174425da85a77aa814e
Author:     Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2021-09-17 15:27:46 +0000
Commit:     Renato Botelho <garga@FreeBSD.org>
CommitDate: 2021-09-30 12:20:54 +0000

    security/sudo: Update to 1.9.8p1 to fix LDAP SEGFAULT

    Sudo version 1.9.8 patchelevel 1 is now available which fixes a few regressions introduced in sudo 1.9.8.

    Source:
        https://www.sudo.ws/dist/sudo-1.9.8p1.tar.gz
        ftp://ftp.sudo.ws/pub/sudo/sudo-1.9.8p1.tar.gz

    SHA256 checksum:
        0939ee24df7095a92e0ca4aa3bd53b2a10965a7b921d51a26ab70cdd24388d69
    MD5 checksum:
        ae9c8b32268f27d05bcdcb8f0c04d461

    Binary packages:
        https://www.sudo.ws/download.html#binary
        https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_8

    For a list of download mirror sites, see:
        https://www.sudo.ws/download_mirrors.html

    Sudo web site:
        https://www.sudo.ws/

    Sudo web site mirrors:
        https://www.sudo.ws/mirrors.html

    Major changes between sudo 1.9.8p1 and 1.9.8:

     * Fixed support for passing a prompt (sudo -p) or a login class (sudo -c) on the command line. This is a regression introduced in sudo 1.9.8. Bug #993.

     * Fixed a crash with "sudo ALL" rules in the LDAP and SSSD back-ends. This is a regression introduced in sudo 1.9.8. Bug #994.

     * Fixed a compilation error when the --enable-static-sudoers configure option was specified. This is a regression introduced in sudo 1.9.8 caused by a symbol clash with the intercept and log server protobuf functions.

    PR:             258537
    Submitted by:   cy
    Reported by:    Adrian Waters <draenan _ gmail_com>
    Approved by:    garga (maintainer)
    MFH:            2021Q3

    (cherry picked from commit 549e87a5edcd9b96360d74b58dbfc04749bd0580)

 security/sudo/Makefile | 2 +-
 security/sudo/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
Merged into 2021Q3