[sudo-users] Solaris 10 core dump using option -i and -s
mehdi badreddine
mehdi.badreddine at horya.fr
Fri Mar 29 08:29:25 MDT 2013
Hi all,
I've run into an issue after updating my sudo from 1.8.1.p2 to 1.8.6p7.
I've also tested the behaviour with 1.8.5p2, but it still does the same.
Here it is:
On a Solaris 10 u 10 with SUNWjass installed (NFS client libraries are
disabled, i.e. hardened Solaris), I run this command:
sudo -u theuser -i
$ ps -ef
...
$ exit
logout
Bad System Call (core dumped)
At that moment, a SIGSYS is caught and sudo dumps core.
Using mdb, the message is:
Loading modules: [ libc.so.1 libavl.so.1 libproc.so.1 ld.so.1 ]
> $?
no process
SIGSYS: Bad System Call
%cs = 0x003b %eax = 0x00000059
%ds = 0x0043 %ebx = 0xfe873000
%ss = 0x0043 %ecx = 0x080473f0
%es = 0x0043 %edx = 0xfedeb505 libc.so.1`_nfssys+0x15
%fs = 0x0000 %esi = 0x08064ba8
%gs = 0x01c3 %edi = 0x000002e4
%eip = 0xfedeb505 libc.so.1`_nfssys+0x15
%ebp = 0x08047a38
%kesp = 0x00000000
%eflags = 0x00000287
id=0 vip=0 vif=0 ac=0 vm=0 rf=0 nt=0 iopl=0x0
status=<of,df,IF,tf,SF,zf,af,PF,CF>
%esp = 0x080473f0
%trapno = 0xe
%err = 0x7
The issue is undoubtedly related to the nfssys syscall. But which library calls
it?
I've looked more deeply, and compared two versions of sudo.
Here is the trace with sudo 1.8.1p2:
pollsys(0x08047B20, 2, 0x00000000, 0x00000000) (sleeping...)
Received signal #18, SIGCLD, in pollsys() [caught] <=== "exit" command issued
siginfo: SIGCLD CLD_EXITED pid=4645 status=0x0000
pollsys(0x08047B20, 2, 0x00000000, 0x00000000) Err#4 EINTR
lwp_sigmask(SIG_SETMASK, 0x00020000, 0x00000000) = 0xFFBFFEFF [0x0000FFFF]
write(7, "12", 1) = 1
setcontext(0x08047650)
pollsys(0x08047B20, 2, 0x00000000, 0x00000000) = 1
read(6, "12", 1) = 1
waitid(P_PID, 4645, 0x08047AE0, WEXITED|WTRAPPED|WSTOPPED|WNOHANG) = 0
_exit(0)
Here is the one with sudo 1.8.6p7:
pollsys(0x08047500, 2, 0x00000000, 0x00000000) (sleeping...)
Received signal #18, SIGCLD, in pollsys() [caught] <=== "exit" command issued
siginfo: SIGCLD CLD_EXITED pid=23167 status=0x0000
pollsys(0x08047500, 2, 0x00000000, 0x00000000) Err#4 EINTR
lwp_sigmask(SIG_SETMASK, 0x00020000, 0x00000000) = 0xFFBFFEFF [0x0000FFFF]
write(7, "12", 1) = 1
setcontext(0x08046FB0)
pollsys(0x08047500, 2, 0x00000000, 0x00000000) = 1
read(6, "12", 1) = 1
waitid(P_PID, 23167, 0x08047500, WEXITED|WTRAPPED|WSTOPPED|WNOHANG) = 0
stat64("/usr/lib/security/pam_unix_session.so.1", 0x08047510) = 0
open("/etc/passwd", O_RDONLY|O_LARGEFILE) = 5
time() = 1364553619
read(5, " r o o t : x : 0 : 0 : S".., 1024) = 1024
close(5) = 0
stat64("/usr/lib/libdoor.so.1", 0x08046480) = 0
resolvepath("/usr/lib/libdoor.so.1", "/lib/libdoor.so.1", 1023) = 17
open("/usr/lib/libdoor.so.1", O_RDONLY) = 5
mmap(0x00010000, 22424, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_ALIGN, 5, 0) = 0xFE930000
mmap(0x00010000, 77824, PROT_NONE, MAP_PRIVATE|MAP_NORESERVE|MAP_ANON|MAP_ALIGN, -1, 0) = 0xFE750000
mmap(0xFE750000, 6971, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_TEXT, 5, 0) = 0xFE750000
mmap(0xFE762000, 488, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_INITDATA, 5, 8192) = 0xFE762000
munmap(0xFE752000, 65536) = 0
munmap(0xFE930000, 22424) = 0
close(5) = 0
memcntl(0xFE750000, 3220, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0
open("/var/run/rpc_door/rpc_100029.1", O_RDONLY) Err#2 ENOENT
nfssys() Err#89 ENOSYS
Received signal #12, SIGSYS [default]
- On the second line, the SIGCHLD is caught, and then sudo exits to the
monitoring process.
- On version 1.8.6p7, these calls are made:
open pam_unix_session
open /etc/passwd
resolvepath libdoor, open libdoor
and then after that, the process launches nfssys and dumps core.
- Here's my question:
Is it possible to deactivate the use of this lib pam_unix_session within
the sudoers configuration file?
Thanks in advance for any hint
Mehdi
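
An added example, not part of the original post: a small Python parser for truss output like the traces above that reports, for each signal delivered with the default disposition, the last syscall seen before it and the shared objects referenced earlier in the trace. The function and variable names are hypothetical, and the list of shared objects only narrows down candidates; it does not prove which library issued the call.

```python
import re

# Lines copied from the end of the sudo 1.8.6p7 truss trace quoted in the post.
TRACE = """\
waitid(P_PID, 23167, 0x08047500, WEXITED|WTRAPPED|WSTOPPED|WNOHANG) = 0
stat64("/usr/lib/security/pam_unix_session.so.1", 0x08047510) = 0
stat64("/usr/lib/libdoor.so.1", 0x08046480) = 0
open("/usr/lib/libdoor.so.1", O_RDONLY) = 5
close(5) = 0
open("/var/run/rpc_door/rpc_100029.1", O_RDONLY) Err#2 ENOENT
nfssys() Err#89 ENOSYS
Received signal #12, SIGSYS [default]
"""

# name(args) = ret   or   name(args) Err#N ENAME
CALL = re.compile(r'^(?P<name>\w+)\((?P<args>.*)\)\s+(?:=\s*\S+|Err#\d+\s+(?P<err>\w+))')
# Received signal #N, SIGNAME[, in syscall()] [disposition]
SIGNAL = re.compile(r'^Received signal #\d+, (?P<sig>\w+)(?:, in \w+\(\))?\s*\[(?P<disp>\w+)\]')
# Quoted absolute path ending in .so or .so.N
SO_PATH = re.compile(r'"(/[^"]+\.so(?:\.\d+)*)"')

def fatal_signals(trace):
    """Return one record per signal that hit the default (uncaught) disposition."""
    records, libs, last_call = [], [], None
    for raw in trace.splitlines():
        line = raw.strip()
        sig = SIGNAL.match(line)
        if sig:
            if sig["disp"] == "default":
                records.append({"signal": sig["sig"],
                                "last_call": last_call,
                                "libs": list(libs)})
            continue
        call = CALL.match(line)
        if not call:
            continue  # wrapped lines, "(sleeping...)", siginfo lines
        last_call = (call["name"], call["err"])  # err is None on success
        for path in SO_PATH.findall(call["args"]):
            if path not in libs:
                libs.append(path)
    return records

if __name__ == "__main__":
    for rec in fatal_signals(TRACE):
        print(rec["signal"], "after", rec["last_call"], "libs seen:", rec["libs"])
```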