[prev in list] [next in list] [prev in thread] [next in thread] 

List:       sudo-users
Subject:    Re: [sudo-users] SegFault/BusError on FreeBSD
From:       Samuel Denbigh Leslie <samuel.denbigh.leslie () gmail ! com>
Date:       2012-02-01 17:18:08
Message-ID: 4F2973D0.7030908 () gmail ! com
[Download RAW message or body]

Hi Todd,

Thanks for your reply. I've built a lab setup in a VM and have 
reproduced the problem using the same version of PBIS and sudo 1.8.4rc1 
as requested. Please find attached two debug logs: sudo_debug.local 
(sudo from a local account -> works fine) and sudo_debug.ad (sudo from 
an AD account -> segfault).


-SDL

On 31/01/2012 3:27 AM, Todd C. Miller wrote:
> On Thu, 26 Jan 2012 19:46:07 +1100, Samuel Denbigh Leslie wrote:
>
>> I recently compiled&  installed sudo from ports on a FreeBSD 8.2 x64
>> box; version 1.8.3p1 w/ insults&  LDAP support. The box also has
>> BeyondTrust PowerBroker Identity Services (Open Edition) installed for
>> integration with an Active Directory domain. Whenever trying to sudo
>> logged in as an AD user, we either get a Segmentation Fault or a Bus
>> Error (which one seems to be largely random). When logged in as a local
>> user, sudo seems to work absolutely fine.
> That sounds like a problem related to the PAM modules used by
> PowerBroker Identity Services.
>
> Please try ftp://ftp.sudo.ws/pub/sudo/beta/sudo-1.8.4rc1.tar.gz and
> see if it has the same problem (I expect it will).  If so, add the
> following line to /etc/sudo.conf (creating it if it doesn't already
> exist).
>
> Debug sudo /var/log/sudo_debug auth@trace
>
> The tail end of /var/log/sudo_debug should give me an idea of where
> sudo is dying.
>
>   - todd


["sudo_debug.ad" (text/plain)]

Feb  2 04:10:20 sudo -> check_user @ ./check.c:108
Feb  2 04:10:20 sudo -> get_authpw @ ./check.c:748
Feb  2 04:10:20 sudo <- get_authpw @ ./check.c:767 := 0x800a35198
Feb  2 04:10:20 sudo -> sudo_auth_init @ ./auth/sudo_auth.c:108
Feb  2 04:10:20 sudo -> sudo_pam_init @ ./auth/pam.c:87
Feb  2 04:10:20 sudo <- sudo_pam_init @ ./auth/pam.c:123 := 0
Feb  2 04:10:20 sudo <- sudo_auth_init @ ./auth/sudo_auth.c:146 := 1
Feb  2 04:10:20 sudo -> user_is_exempt @ ./check.c:406
Feb  2 04:10:20 sudo <- user_is_exempt @ ./check.c:410 := false
Feb  2 04:10:20 sudo -> build_timestamp @ ./check.c:421
Feb  2 04:10:20 sudo <- build_timestamp @ ./check.c:454 := 18
Feb  2 04:10:20 sudo -> timestamp_status @ ./check.c:471
Feb  2 04:10:20 sudo <- timestamp_status @ ./check.c:656 := 3
Feb  2 04:10:20 sudo -> lecture @ ./check.c:204
Feb  2 04:10:20 sudo <- lecture @ ./check.c:208
Feb  2 04:10:20 sudo -> expand_prompt @ ./check.c:281
Feb  2 04:10:20 sudo <- expand_prompt @ ./check.c:392 := Password:
Feb  2 04:10:20 sudo -> verify_user @ ./auth/sudo_auth.c:186
Feb  2 04:10:20 sudo -> sudo_pam_verify @ ./auth/pam.c:131
Feb  2 04:10:20 sudo -> converse @ ./auth/pam.c:280
Feb  2 04:10:20 sudo -> auth_getpass @ ./auth/sudo_auth.c:347
Feb  2 04:10:23 sudo <- auth_getpass @ ./auth/sudo_auth.c:365 := **********
Feb  2 04:10:23 sudo <- converse @ ./auth/pam.c:345 := 0
Feb  2 04:10:23 sudo <- sudo_pam_verify @ ./auth/pam.c:142 := 0
Feb  2 04:10:23 sudo <- verify_user @ ./auth/sudo_auth.c:285 := 1
Feb  2 04:10:23 sudo -> sudo_auth_cleanup @ ./auth/sudo_auth.c:154
Feb  2 04:10:23 sudo -> sudo_pam_cleanup @ ./auth/pam.c:187
Feb  2 04:10:23 sudo <- sudo_pam_cleanup @ ./auth/pam.c:191 := 0
Feb  2 04:10:23 sudo <- sudo_auth_cleanup @ ./auth/sudo_auth.c:174 := 1
Feb  2 04:10:23 sudo <- check_user @ ./check.c:183 := true

["sudo_debug.local" (text/plain)]

Feb  2 04:11:29 sudo -> check_user @ ./check.c:108
Feb  2 04:11:29 sudo -> get_authpw @ ./check.c:748
Feb  2 04:11:29 sudo <- get_authpw @ ./check.c:767 := 0x800a34198
Feb  2 04:11:29 sudo -> sudo_auth_init @ ./auth/sudo_auth.c:108
Feb  2 04:11:29 sudo -> sudo_pam_init @ ./auth/pam.c:87
Feb  2 04:11:29 sudo <- sudo_pam_init @ ./auth/pam.c:123 := 0
Feb  2 04:11:29 sudo <- sudo_auth_init @ ./auth/sudo_auth.c:146 := 1
Feb  2 04:11:29 sudo -> sudo_auth_cleanup @ ./auth/sudo_auth.c:154
Feb  2 04:11:29 sudo -> sudo_pam_cleanup @ ./auth/pam.c:187
Feb  2 04:11:29 sudo <- sudo_pam_cleanup @ ./auth/pam.c:191 := 0
Feb  2 04:11:29 sudo <- sudo_auth_cleanup @ ./auth/sudo_auth.c:174 := 1
Feb  2 04:11:29 sudo <- check_user @ ./check.c:183 := true
Feb  2 04:11:29 sudo -> sudo_auth_begin_session @ ./auth/sudo_auth.c:293
Feb  2 04:11:29 sudo -> sudo_pam_begin_session @ ./auth/pam.c:202
Feb  2 04:11:29 sudo <- sudo_pam_begin_session @ ./auth/pam.c:242 := 0
Feb  2 04:11:29 sudo <- sudo_auth_begin_session @ ./auth/sudo_auth.c:305 := true


[prev in list] [next in list] [prev in thread] [next in thread]