Message-ID: <4F5E0446.5010704@FreeBSD.org>
Date: Mon, 12 Mar 2012 15:12:22 +0100
From: Dimitry Andric
Organization: The FreeBSD Project
To: Michael Butler
Cc: current@FreeBSD.org
References: <4F5D3B56.4010702@protected-networks.net>
In-Reply-To: <4F5D3B56.4010702@protected-networks.net>
Subject: Re: sudo through ssh broken on -current?

On 2012-03-12 00:55, Michael Butler wrote:
> I noted something odd when executing the following ..
>
> /home/imb> ssh imb@xxxx "sudo /sbin/ipfw list"
>
> sudo: (malloc) /usr/src/lib/libc/stdlib/malloc.c:2644: Failed assertion:
> "(run->regs_mask[elm] & (1U << bit)) == 0"
> Abort
>
> Adding '-t' as a parameter to ssh runs without the assert,

This is a double free bug in sudo:
http://www.sudo.ws/bugs/show_bug.cgi?id=544

Alternative fix:
http://www.andric.com/freebsd/security-sudo-fix-double-free-1.diff
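Why an assertion of that form points at a double free, as an added example that is not part of the original message and is not FreeBSD's malloc.c: a simplified bitmap allocator whose free path tests the same condition as the quoted assertion. The region layout, every name other than `regs_mask`, `elm` and `bit`, and the convention that a set bit marks a free region are assumptions of this model.

```c
#include <stddef.h>

#define REGION_SIZE 32u
#define NREGIONS 64u /* two 32-bit mask words */
/* Toy "run": equal-sized regions tracked by a bitmap.
 * Assumption of this model: a set bit means the region is free. */
struct run {
    unsigned regs_mask[NREGIONS / 32];
    unsigned char mem[NREGIONS * REGION_SIZE];
};

static void run_init(struct run *run) {
    for (size_t i = 0; i < NREGIONS / 32; i++)
        run->regs_mask[i] = ~0u; /* everything starts free */
}

static void *run_alloc(struct run *run) {
    for (unsigned reg = 0; reg < NREGIONS; reg++) {
        unsigned elm = reg / 32, bit = reg % 32;
        if (run->regs_mask[elm] & (1U << bit)) {
            run->regs_mask[elm] &= ~(1U << bit); /* mark allocated */
            return run->mem + (size_t)reg * REGION_SIZE;
        }
    }
    return NULL;
}

/* Returns 0 on success, -1 where an asserting allocator would abort. */
static int run_free(struct run *run, void *ptr) {
    size_t reg = (size_t)((unsigned char *)ptr - run->mem) / REGION_SIZE;
    unsigned elm = (unsigned)(reg / 32), bit = (unsigned)(reg % 32);
    /* Quoted assertion's condition: bit must be clear (allocated) when freed. */
    if ((run->regs_mask[elm] & (1U << bit)) != 0)
        return -1; /* already free: double free detected */
    run->regs_mask[elm] |= (1U << bit); /* mark free */
    return 0;
}

/* Constructed scenario: 1 if the first free succeeds and the second is rejected. */
static int demo_double_free(void) {
    static struct run run;
    run_init(&run);
    void *p = run_alloc(&run);
    return run_free(&run, p) == 0 && run_free(&run, p) == -1;
}

int main(void) {
    return demo_double_free() ? 0 : 1; /* exit 0: second free was rejected */
}
```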