[Bug 1327268] Re: sudo-ldap segfaults in 14.04 if ldap is being used
Raubvogel
1327268 at bugs.launchpad.net
Tue Jun 17 15:41:06 UTC 2014
I talked to Todd C. Miller, the author of sudo, who proposed the
following patch:
diff -r 6c0cc2def911 plugins/sudoers/ldap.c
--- a/plugins/sudoers/ldap.c Wed Jun 04 11:43:39 2014 -0600
+++ b/plugins/sudoers/ldap.c Mon Jun 16 13:41:02 2014 -0600
@@ -2429,10 +2429,11 @@
rc = ldap_sasl_interactive_bind_s(ld, ldap_conf.binddn, "GSSAPI",
NULL, NULL, LDAP_SASL_QUIET, sudo_ldap_sasl_interact, auth_id);
if (new_ccname != NULL) {
- rc = sudo_set_krb5_ccache_name(old_ccname, NULL);
+ rc = sudo_set_krb5_ccache_name(old_ccname ? old_ccname : "", NULL);
if (rc == 0) {
sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
- "restore ccache name %s -> %s", new_ccname, old_ccname);
+ "restore ccache name %s -> %s", new_ccname,az
+ old_ccname ? old_ccname : "(none)");
} else {
sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO,
"gss_krb5_ccache_name() failed: %d", rc);
We tested it in my 14.04LTS amd64 (sudo 1.8.9p5) install and that solved
the problem. The above patch will be incorporated in the next version of
sudo. But, I am posting it here in case someone wants to backport it to
the sudo 1.8.9 ubuntu package
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to sudo in Ubuntu.
https://bugs.launchpad.net/bugs/1327268
Title:
sudo-ldap segfaults in 14.04 if ldap is being used
Status in “sudo” package in Ubuntu:
New
Bug description:
NOTE: I was asked in
https://answers.launchpad.net/ubuntu/+source/sudo/+question/249819 to
report this as a bug.
raub at testfirewall:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 14.04 LTS
Release: 14.04
Codename: trusty
raub at testfirewall:~$ uname -a
Linux testfirewall 3.13.0-27-generic #50-Ubuntu SMP Thu May 15 18:06:16 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
raub at testfirewall:~$
and have before upgrading to 14.04 been using sudo-ldap so network
admins can do some work. However, in 14.04, I am seeing
raub at testfirewall:~$ sudo pwd
sudo: LDAP Config Summary
sudo: ===================
sudo: uri ldap://kdc.domain.com ldap://kdc2.domain.com
sudo: ldap_version 3
sudo: sudoers_base ou=SUDOers,dc=domain,dc=com
sudo: binddn (anonymous)
sudo: bindpw (anonymous)
sudo: bind_timelimit 3
sudo: timelimit 3
sudo: deref 0
sudo: ssl start_tls
sudo: tls_cacertfile /etc/ssl/certs/ca-certificates.crt
sudo: use_sasl yes
sudo: sasl_auth_id (NONE)
sudo: rootuse_sasl -1
sudo: rootsasl_auth_id (NONE)
sudo: sasl_secprops (NONE)
sudo: krb5_ccname FILE:/tmp/host.tkt
sudo: ===================
sudo: ldap_set_option: debug -> 0
sudo: ldap_set_option: tls_cacertfile -> /etc/ssl/certs/ca-certificates.crt
sudo: ldap_set_option: tls_cacert -> /etc/ssl/certs/ca-certificates.crt
sudo: ldap_initialize(ld, ldap://kdc.domain.com ldap://kdc2.domain.com)
sudo: ldap_set_option: ldap_version -> 3
sudo: ldap_set_option: timelimit -> 3
sudo: ldap_set_option(LDAP_OPT_TIMEOUT, 3)
sudo: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT, 3)
sudo: ldap_start_tls_s() ok
sudo: sudo_ldap_sasl_interact: SASL_CB_USER
Segmentation fault (core dumped)
raub at testfirewall:~$
From syslog:
Jun 5 15:16:26 testfirewall kernel: [2068248.457275] sudo[22925]: segfault at 0 ip 00007f2feb02692a sp 00007ffff55073b8 error 4 in libc-2.19.so[7f2feaf9d000+1bc000]
That affects both local and network users *and* was observed in a new
install and an upgrade from 12.04LTS. Now, if I disable ldap for
sudoers in /etc/nsswitch.conf,
# sudoers: files ldap
sudoers: files
I can sudo from a local user with sudo rights. What am I missing here?
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1327268/+subscriptions
More information about the foundations-bugs
mailing list