From: bugzilla-noreply@freebsd.org
To: freebsd-ports-bugs@FreeBSD.org
Subject: [Bug 208198] security/sudo-1.8.16: Segmentation Fault when using sudoers in LDAP
Date: Tue, 22 Mar 2016 08:50:54 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=208198

            Bug ID: 208198
           Summary: security/sudo-1.8.16: Segmentation Fault when using
                    sudoers in LDAP
           Product: Ports & Packages
           Version: Latest
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: freebsd-ports-bugs@FreeBSD.org
          Reporter: fredrik.eriksson@loopia.se

Since upgrading to security/sudo-1.8.16 I get a segmentation fault whenever I'm
trying to use sudo as an unprivileged user. 1.8.15 worked fine.

For example: sudo -l works fine when running as root or when using a local
sudoers file, but when running as an unprivileged user and with LDAP enabled
sudo crashes with a segmentation fault.

With debugging of LDAP enabled I get this output when it crashes:

sudo: LDAP Config Summary
sudo: ===================
sudo: uri ldap://
sudo: ldap_version 3
sudo: sudoers_base
sudo: search_filter (objectClass=sudoRole)
sudo: netgroup_base (NONE: will use nsswitch)
sudo: netgroup_search_filter (objectClass=nisNetgroup)
sudo: binddn
sudo: bindpw
sudo: bind_timelimit 10
sudo: timelimit 5
sudo: ssl start_tls
sudo: tls_cacertfile /etc/ssl/ca_cert.crt
sudo: ===================
sudo: ldap_set_option: debug -> 0
sudo: ldap_set_option: tls_cacertfile -> /etc/ssl/ca_cert.crt
sudo: ldap_set_option: tls_cacert -> /etc/ssl/ca_cert.crt
sudo: ldap_set_option: ldap_version -> 3
sudo: ldap_set_option: timelimit -> 5
sudo: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT, 10)
sudo: ldap_start_tls_s() ok
sudo: ldap_sasl_bind_s() ok
sudo: Looking for cn=defaults: (&(objectClass=sudoRole)(cn=defaults))
sudo: no default options found in
Segmentation fault

Running the same as root gives me:

sudo: LDAP Config Summary
sudo: ===================
sudo: uri ldap://
sudo: ldap_version 3
sudo: sudoers_base
sudo: search_filter (objectClass=sudoRole)
sudo: netgroup_base (NONE: will use nsswitch)
sudo: netgroup_search_filter (objectClass=nisNetgroup)
sudo: binddn
sudo: bindpw
sudo: bind_timelimit 10
sudo: timelimit 5
sudo: ssl start_tls
sudo: tls_cacertfile /etc/ssl/ca_cert.crt
sudo: ===================
sudo: ldap_set_option: debug -> 0
sudo: ldap_set_option: tls_cacertfile -> /etc/ssl/ca_cert.crt
sudo: ldap_set_option: tls_cacert -> /etc/ssl/ca_cert.crt
sudo: ldap_set_option: ldap_version -> 3
sudo: ldap_set_option: timelimit -> 5
sudo: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT, 10)
sudo: ldap_start_tls_s() ok
sudo: ldap_sasl_bind_s() ok
sudo: Looking for cn=defaults: (&(objectClass=sudoRole)(cn=defaults))
sudo: no default options found in
sudo: ldap search '(&(objectClass=sudoRole)(|(sudoUser=root)(sudoUser=%wheel)(sudoUser=%#0)(sudoUser=%operator)(sudoUser=%#5)(sudoUser=ALL)))'
sudo: searching from base ''
sudo: adding search result
sudo: result now has 2 entries
sudo: ldap search '(&(objectClass=sudoRole)(sudoUser=*)(sudoUser=+*))'
sudo: searching from base ''
sudo: adding search result
sudo: result now has 2 entries
sudo: sorting remaining 2 entries
sudo: perform search for pwflag 54
sudo: done with LDAP searches
sudo: user_matches=true
sudo: host_matches=true
sudo: sudo_ldap_lookup(54)=0x02
sudo: ldap search for command list
sudo: reusing previous result (user root) with 2 entries
User root may run the following commands on :
    (ALL) ALL
    (ALL) ALL
sudo: removing reusable search result

--
You are receiving this mail because:
You are the assignee for the bug.