← Back to team overview

touch-packages team mailing list archive

  1. touch-packages team
  2. Mailing list archive
  3. Message #07178

[Bug 1327268] Re: sudo-ldap segfaults in 14.04 if ldap is being used

  Thread PreviousDate PreviousThread Next 
** Branch linked: lp:~raubvogel/ubuntu/trusty/sudo/fix-for-1327268

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to sudo in Ubuntu.
https://bugs.launchpad.net/bugs/1327268

Title:
  sudo-ldap segfaults in 14.04 if ldap is being used

Status in “sudo” package in Ubuntu:
  New

Bug description:
  NOTE: I was asked in
  https://answers.launchpad.net/ubuntu/+source/sudo/+question/249819 to
  report this as a bug.

  raub@testfirewall:~$ lsb_release -a
  No LSB modules are available.
  Distributor ID: Ubuntu
  Description: Ubuntu 14.04 LTS
  Release: 14.04
  Codename: trusty
  raub@testfirewall:~$ uname -a
  Linux testfirewall 3.13.0-27-generic #50-Ubuntu SMP Thu May 15 18:06:16 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
  raub@testfirewall:~$

  and have before upgrading to 14.04 been using sudo-ldap so network
  admins can do some work. However, in 14.04, I am seeing

  raub@testfirewall:~$ sudo pwd
  sudo: LDAP Config Summary
  sudo: ===================
  sudo: uri ldap://kdc.domain.com ldap://kdc2.domain.com
  sudo: ldap_version 3
  sudo: sudoers_base ou=SUDOers,dc=domain,dc=com
  sudo: binddn (anonymous)
  sudo: bindpw (anonymous)
  sudo: bind_timelimit 3
  sudo: timelimit 3
  sudo: deref 0
  sudo: ssl start_tls
  sudo: tls_cacertfile /etc/ssl/certs/ca-certificates.crt
  sudo: use_sasl yes
  sudo: sasl_auth_id (NONE)
  sudo: rootuse_sasl -1
  sudo: rootsasl_auth_id (NONE)
  sudo: sasl_secprops (NONE)
  sudo: krb5_ccname FILE:/tmp/host.tkt
  sudo: ===================
  sudo: ldap_set_option: debug -> 0
  sudo: ldap_set_option: tls_cacertfile -> /etc/ssl/certs/ca-certificates.crt
  sudo: ldap_set_option: tls_cacert -> /etc/ssl/certs/ca-certificates.crt
  sudo: ldap_initialize(ld, ldap://kdc.domain.com ldap://kdc2.domain.com)
  sudo: ldap_set_option: ldap_version -> 3
  sudo: ldap_set_option: timelimit -> 3
  sudo: ldap_set_option(LDAP_OPT_TIMEOUT, 3)
  sudo: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT, 3)
  sudo: ldap_start_tls_s() ok
  sudo: sudo_ldap_sasl_interact: SASL_CB_USER
  Segmentation fault (core dumped)

  raub@testfirewall:~$

  From syslog:
  Jun 5 15:16:26 testfirewall kernel: [2068248.457275] sudo[22925]: segfault at 0 ip 00007f2feb02692a sp 00007ffff55073b8 error 4 in libc-2.19.so[7f2feaf9d000+1bc000]

  That affects both local and network users *and* was observed in a new
  install and an upgrade from 12.04LTS. Now, if I disable ldap for
  sudoers in /etc/nsswitch.conf,

  # sudoers: files ldap
  sudoers: files

  I can sudo from a local user with sudo rights. What am I missing here?

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1327268/+subscriptions
  Thread PreviousDate PreviousThread Next