Date: Tue, 22 Mar 2016 08:50:54 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-ports-bugs@FreeBSD.org
Subject: [Bug 208198] security/sudo-1.8.16: Segmentation Fault when using sudoers in LDAP
Message-ID: <bug-208198-13@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=208198

Bug ID: 208198
Summary: security/sudo-1.8.16: Segmentation Fault when using sudoers in LDAP
Product: Ports & Packages
Version: Latest
Hardware: amd64
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: Individual Port(s)
Assignee: freebsd-ports-bugs@FreeBSD.org
Reporter: fredrik.eriksson@loopia.se

Since upgrading to security/sudo-1.8.16 I get a segmentation fault whenever I'm
trying to use sudo as an unprivileged user. 1.8.15 worked fine.

For example:
sudo -l
works fine when running as root or when using a local sudoers file, but when
running as an unprivileged user and with LDAP enabled sudo crashes with a
segmentation fault.

With debugging of ldap enabled I get this output when it crashes:

sudo: LDAP Config Summary
sudo: ===================
sudo: uri ldap://<hostname>
sudo: ldap_version 3
sudo: sudoers_base <sudoers-base>
sudo: search_filter (objectClass=sudoRole)
sudo: netgroup_base (NONE: will use nsswitch)
sudo: netgroup_search_filter (objectClass=nisNetgroup)
sudo: binddn <bind-user>
sudo: bindpw <bind-pwd>
sudo: bind_timelimit 10
sudo: timelimit 5
sudo: ssl start_tls
sudo: tls_cacertfile /etc/ssl/ca_cert.crt
sudo: ===================
sudo: ldap_set_option: debug -> 0
sudo: ldap_set_option: tls_cacertfile -> /etc/ssl/ca_cert.crt
sudo: ldap_set_option: tls_cacert -> /etc/ssl/ca_cert.crt
sudo: ldap_set_option: ldap_version -> 3
sudo: ldap_set_option: timelimit -> 5
sudo: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT, 10)
sudo: ldap_start_tls_s() ok
sudo: ldap_sasl_bind_s() ok
sudo: Looking for cn=defaults: (&(objectClass=sudoRole)(cn=defaults))
sudo: no default options found in <sudoers-base>
Segmentation fault

Running the same as root gives me:

sudo: LDAP Config Summary
sudo: ===================
sudo: uri ldap://<hostname>
sudo: ldap_version 3
sudo: sudoers_base <sudoers-base>
sudo: search_filter (objectClass=sudoRole)
sudo: netgroup_base (NONE: will use nsswitch)
sudo: netgroup_search_filter (objectClass=nisNetgroup)
sudo: binddn <bind-user>
sudo: bindpw <bind-pwd>
sudo: bind_timelimit 10
sudo: timelimit 5
sudo: ssl start_tls
sudo: tls_cacertfile /etc/ssl/ca_cert.crt
sudo: ===================
sudo: ldap_set_option: debug -> 0
sudo: ldap_set_option: tls_cacertfile -> /etc/ssl/ca_cert.crt
sudo: ldap_set_option: tls_cacert -> /etc/ssl/ca_cert.crt
sudo: ldap_set_option: ldap_version -> 3
sudo: ldap_set_option: timelimit -> 5
sudo: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT, 10)
sudo: ldap_start_tls_s() ok
sudo: ldap_sasl_bind_s() ok
sudo: Looking for cn=defaults: (&(objectClass=sudoRole)(cn=defaults))
sudo: no default options found in <sudoers-base>
sudo: ldap search '(&(objectClass=sudoRole)(|(sudoUser=root)(sudoUser=%wheel)(sudoUser=%#0)(sudoUser=%operator)(sudoUser=%#5)(sudoUser=ALL)))'
sudo: searching from base '<sudoers-base>'
sudo: adding search result
sudo: result now has 2 entries
sudo: ldap search '(&(objectClass=sudoRole)(sudoUser=*)(sudoUser=+*))'
sudo: searching from base '<sudoers-base>'
sudo: adding search result
sudo: result now has 2 entries
sudo: sorting remaining 2 entries
sudo: perform search for pwflag 54
sudo: done with LDAP searches
sudo: user_matches=true
sudo: host_matches=true
sudo: sudo_ldap_lookup(54)=0x02
sudo: ldap search for command list
sudo: reusing previous result (user root) with 2 entries
User root may run the following commands on <localhost>:
    (ALL) ALL
    (ALL) ALL
sudo: removing reusable search result

-- 
You are receiving this mail because:
You are the assignee for the bug.