[sudo-users] Sudoreplay: Permissions error and sefault - 1.8.19p2

Tue Mar 7 00:45:23 MST 2017

Hi,

I am busy implementing sudoreplay on several servers and for some reason,
the seq file seems to not update correctly which results in a permission
denied error message when using the sudo command. I have also noticed a
segfault at around the same time so I am not sure if the two are related.

audit.log:
Mar  7 07:09:45 htf-kermit sudo: f4851773 : unable to write to I/O log
file: : stream end : Permission denied ; TTY=pts/0 ; PWD=/home/username ;
TSID=000001 ; COMMAND=/bin/su -

dmesg:
[Tue Mar  7 07:09:49 2017] sudo[9216]: segfault at ffffffffffffffd8 ip
00007f7f9d69c285 sp 00007fffdf8a7df0 error 7 in
sudoers.so[7f7f9d66a000+50000]

 I have removed the Environment variables from the --version output, please
let me know if you need them.

# sudo --version
Sudo version 1.8.19p2
Configure options: --prefix=/usr --with-all-insults --with-pam
--enable-zlib=system --with-fqdn --with-logging=syslog
--with-logfac=authpriv --with-env-editor --with-editor=/usr/bin/editor
--with-timeout=15 --with-password-timeout=0 --with-passprompt=[sudo]
password for %p:  --disable-root-mailer --with-sendmail=/usr/sbin/sendmail
--mandir=/usr/share/man --libexecdir=/usr/lib --with-selinux
--with-linux-audit --enable-admin-flag --without-lecture --with-sssd
--with-sssd-lib=/usr/lib/x86_64-linux-gnu --disable-tmpfiles.d
Sudoers policy plugin version 1.8.19p2
Sudoers file grammar version 45

Sudoers path: /etc/sudoers
Authentication methods: 'pam'
Syslog facility if syslog is being used for logging: authpriv
Syslog priority to use when user authenticates successfully: notice
Syslog priority to use when user authenticates unsuccessfully: alert
Send mail if user authentication fails
Send mail if the user is not in sudoers
Use a separate timestamp for each user/tty combo
Lecture user the first time they run sudo
Require users to authenticate by default
Root may run sudo
Allow some information gathering to give useful error messages
Require fully-qualified hostnames in the sudoers file
Visudo will honor the EDITOR environment variable
Set the LOGNAME and USER environment variables
Length at which to wrap log file lines (0 for no wrap): 80
Authentication timestamp timeout: 15.0 minutes
Password prompt timeout: 0.0 minutes
Number of tries to enter a password: 3
Umask to use or 0777 to use user's: 022
Path to mail program: /usr/sbin/sendmail
Flags for mail program: -t
Address to send mail to: root
Subject line for mail messages: *** SECURITY information for %h ***
Incorrect password message: Sorry, try again.
Path to lecture status dir: /var/lib/sudo/lectured
Path to authentication timestamp dir: /var/run/sudo/ts
Default password prompt: [sudo] password for %p:
Default user to run commands as: root
Value to override user's $PATH with:
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
Path to the editor for use by visudo: /usr/bin/editor
When to require a password for 'list' pseudocommand: any
When to require a password for 'verify' pseudocommand: all
File descriptors >= 3 will be closed before executing a command
Locale to use while parsing sudoers: C
Log the output of the command being run
Compress I/O logs using zlib
Directory in which to store input/output logs: /var/log/sudo-io/%{user}
File in which to store the input/output log: %{seq}
Add an entry to the utmp/utmpx file when allocating a pty
PAM service name to use
PAM service name to use for login shells
Attempt to establish PAM credentials for the target user
Create a new PAM session for the command to run in
Maximum I/O log sequence number: 2176782336
Enable sudoers netgroup support
Check parent directories for writability when editing files with sudoedit
Allow commands to be run even if sudo cannot write to the audit log
Allow commands to be run even if sudo cannot write to the I/O log
Allow commands to be run even if sudo cannot write to the log file
Log entries larger than this value will be split into multiple syslog
messages
File mode to use for the I/O log files: 0600

Local IP address and netmask pairs:
x.x.x.x/255.255.255.x
ffff::ffff:ffff:ffff:ffff/ffff:ffff:ffff:ffff::

Sudoers I/O plugin version 1.8.19p2

Any ideas as to what could be causing the seq file to not be updated
correctly and/or what is causing the segfault?

Regards
Rudi