[Bug 553786] Re: *** glibc detected *** sudo: double free or corruption

Bartosz Kosiorek 553786 at bugs.launchpad.net
Mon Dec 17 21:16:36 UTC 2012 

After installing sudo package from proposed, there is no longer crash:

sudo ls
sudo: /etc/sudoers.d/mama is mode 0644, should be 0440
>>> /etc/sudoers.d/README: /etc/sudoers.d/mama near line 18 <<<
sudo: parse error in /etc/sudoers.d/README near line 18
sudo: no valid sudoers sources found, quitting

Verified.

** Tags removed: verification-needed
** Tags added: verification-done

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to sudo in Ubuntu.
https://bugs.launchpad.net/bugs/553786

Title:
  *** glibc detected *** sudo: double free or corruption

Status in “sudo” package in Ubuntu:
  Fix Released
Status in “sudo” source package in Lucid:
  Fix Committed

Bug description:
  [SRU]

  [Impact]
  Lucid users who create a file in /etc/sudoers.d with incorrect permissions cause sudo to segfault, preventing them from using sudo to change the permissions.
  (This works properly in later versions of sudo, such as Oneiric+)

  [Test case]
  1- Create a file in /etc/sudoers.d with 644 permissions
  2- Attempt to use sudo
  3- sudo should simply print a warning, and not segfault

  [Regression potental]
  This is the upstream patch that has been used for quite a while, and has passed the qa-regression-testing test suite. If there are regressions, I suppose it could be in the sudoers file handling.

  Original description:
  Lucid beta1, sudo 1.7.2p1-1ubuntu4. I added a file with incorrect permissions under /etc/sudoers.d/, and while that needed fixing, sudo(8) certainly shouldn't react like this:

  $ sudo bash
  sudo: /etc/sudoers.d/admin is mode 0644, should be 0440
  >>> /etc/sudoers.d/README: /etc/sudoers.d/admin near line 18 <<<
  sudo: parse error in /etc/sudoers.d/README near line 18
  sudo: no valid sudoers sources found, quitting
  *** glibc detected *** sudo: double free or corruption (!prev): 0x0861b7b0 ***
  ======= Backtrace: =========
  /lib/tls/i686/cmov/libc.so.6(+0x6b581)[0xa3a581]
  /lib/tls/i686/cmov/libc.so.6(+0x6cdd8)[0xa3bdd8]
  /lib/tls/i686/cmov/libc.so.6(cfree+0x6d)[0xa3eebd]
  /lib/tls/i686/cmov/libc.so.6(fclose+0x14a)[0xa2aa9a]
  sudo[0x805782d]
  sudo[0x80587c6]
  sudo[0x805639e]
  sudo[0x805a104]
  /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe6)[0x9e5bd6]
  sudo[0x804a7c1]
  ======= Memory map: ========
  002b1000-002b7000 r-xp 00000000 08:07 16579      /lib/tls/i686/cmov/libnss_compat-2.11.1.so
  002b7000-002b8000 r--p 00006000 08:07 16579      /lib/tls/i686/cmov/libnss_compat-2.11.1.so
  002b8000-002b9000 rw-p 00007000 08:07 16579      /lib/tls/i686/cmov/libnss_compat-2.11.1.so
  003bf000-003c9000 r-xp 00000000 08:07 16581      /lib/tls/i686/cmov/libnss_files-2.11.1.so
  003c9000-003ca000 r--p 00009000 08:07 16581      /lib/tls/i686/cmov/libnss_files-2.11.1.so
  003ca000-003cb000 rw-p 0000a000 08:07 16581      /lib/tls/i686/cmov/libnss_files-2.11.1.so
  0045f000-00467000 r-xp 00000000 08:07 16583      /lib/tls/i686/cmov/libnss_nis-2.11.1.so
  00467000-00468000 r--p 00007000 08:07 16583      /lib/tls/i686/cmov/libnss_nis-2.11.1.so
  00468000-00469000 rw-p 00008000 08:07 16583      /lib/tls/i686/cmov/libnss_nis-2.11.1.so
  00542000-0055f000 r-xp 00000000 08:07 16364      /lib/libgcc_s.so.1
  0055f000-00560000 r--p 0001c000 08:07 16364      /lib/libgcc_s.so.1
  00560000-00561000 rw-p 0001d000 08:07 16364      /lib/libgcc_s.so.1
  0060b000-0060c000 r-xp 00000000 00:00 0          [vdso]
  006e6000-006e8000 r-xp 00000000 08:07 16575      /lib/tls/i686/cmov/libdl-2.11.1.so
  006e8000-006e9000 r--p 00001000 08:07 16575      /lib/tls/i686/cmov/libdl-2.11.1.so
  006e9000-006ea000 rw-p 00002000 08:07 16575      /lib/tls/i686/cmov/libdl-2.11.1.so
  0084e000-00869000 r-xp 00000000 08:07 16304      /lib/ld-2.11.1.so
  00869000-0086a000 r--p 0001a000 08:07 16304      /lib/ld-2.11.1.so
  0086a000-0086b000 rw-p 0001b000 08:07 16304      /lib/ld-2.11.1.so
  008a5000-008ae000 r-xp 00000000 08:07 16574      /lib/tls/i686/cmov/libcrypt-2.11.1.so
  008ae000-008af000 r--p 00008000 08:07 16574      /lib/tls/i686/cmov/libcrypt-2.11.1.so
  008af000-008b0000 rw-p 00009000 08:07 16574      /lib/tls/i686/cmov/libcrypt-2.11.1.so
  008b0000-008d7000 rw-p 00000000 00:00 0
  009cf000-00b22000 r-xp 00000000 08:07 16572      /lib/tls/i686/cmov/libc-2.11.1.so
  00b22000-00b23000 ---p 00153000 08:07 16572      /lib/tls/i686/cmov/libc-2.11.1.so
  00b23000-00b25000 r--p 00153000 08:07 16572      /lib/tls/i686/cmov/libc-2.11.1.so
  00b25000-00b26000 rw-p 00155000 08:07 16572      /lib/tls/i686/cmov/libc-2.11.1.so
  00b26000-00b29000 rw-p 00000000 00:00 0
  00c5d000-00c68000 r-xp 00000000 08:07 16381      /lib/libpam.so.0.82.2
  00c68000-00c69000 r--p 0000a000 08:07 16381      /lib/libpam.so.0.82.2
  00c69000-00c6a000 rw-p 0000b000 08:07 16381      /lib/libpam.so.0.82.2
  00e4f000-00e62000 r-xp 00000000 08:07 16578      /lib/tls/i686/cmov/libnsl-2.11.1.so
  00e62000-00e63000 r--p 00012000 08:07 16578      /lib/tls/i686/cmov/libnsl-2.11.1.so
  00e63000-00e64000 rw-p 00013000 08:07 16578      /lib/tls/i686/cmov/libnsl-2.11.1.so
  00e64000-00e66000 rw-p 00000000 00:00 0
  08048000-08066000 r-xp 00000000 08:07 573495     /usr/bin/sudo
  08066000-08067000 r--p 0001d000 08:07 573495     /usr/bin/sudo
  08067000-08068000 rw-p 0001e000 08:07 573495     /usr/bin/sudo
  08068000-0806b000 rw-p 00000000 00:00 0
  08612000-08633000 rw-p 00000000 00:00 0          [heap]
  b7600000-b7621000 rw-p 00000000 00:00 0
  b7621000-b7700000 ---p 00000000 00:00 0
  b7715000-b7754000 r--p 00000000 08:07 604029     /usr/lib/locale/en_US.utf8/LC_CTYPE
  b7754000-b7755000 r--p 00000000 08:07 604030     /usr/lib/locale/en_US.utf8/LC_NUMERIC
  b7755000-b7756000 r--p 00000000 08:07 604031     /usr/lib/locale/en_US.utf8/LC_TIME
  b7756000-b7757000 r--p 00000000 08:07 604033     /usr/lib/locale/en_US.utf8/LC_MONETARY
  b7757000-b7758000 r--p 00000000 08:07 604035     /usr/lib/locale/en_US.utf8/LC_MESSAGES/SYS_LC_MESSAGES
  b7758000-b775a000 rw-p 00000000 00:00 0
  b775a000-b775b000 r--p 00000000 08:07 604036     /usr/lib/locale/en_US.utf8/LC_PAPER
  b775b000-b775c000 r--p 00000000 08:07 604037     /usr/lib/locale/en_US.utf8/LC_NAME
  b775c000-b775d000 r--p 00000000 08:07 604038     /usr/lib/locale/en_US.utf8/LC_ADDRESS
  b775d000-b775e000 r--p 00000000 08:07 604039     /usr/lib/locale/en_US.utf8/LC_TELEPHONE
  b775e000-b775f000 r--p 00000000 08:07 604040     /usr/lib/locale/en_US.utf8/LC_MEASUREMENT
  b775f000-b7766000 r--s 00000000 08:07 571542     /usr/lib/gconv/gconv-modules.cache
  b7766000-b7767000 r--p 00000000 08:07 604041     /usr/lib/locale/en_US.utf8/LC_IDENTIFICATION
  b7767000-b7769000 rw-p 00000000 00:00 0
  bfe6a000-bfe7f000 rw-p 00000000 00:00 0          [stack]
  Aborted

  The above stack-trace spam was trivially and consistently
  reproducible.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/553786/+subscriptions

More information about the foundations-bugs mailing list