After upgrading from sudo-1.7.0 to sudo-1.7.1-r1, sudo consistently segfaults, as follows (while using bash): rwald@verbum ~ $ echo test test rwald@verbum ~ $ sudo echo test Segmentation fault Downgrading back to 1.7.0 resolves the problem. Here's my emerge --info: rwald@verbum ~ $ emerge --info Portage 2.2_rc33 (default/linux/amd64/2008.0/desktop, gcc-4.3.3, glibc-2.9_p20081201-r2, 2.6.28-gentoo-r5 x86_64) ================================================================= System uname: Linux-2.6.28-gentoo-r5-x86_64-Intel-R-_Core-TM-2_Duo_CPU_T7300_@_2.00GHz-with-glibc2.2.5 Timestamp of tree: Thu, 11 Jun 2009 18:15:02 +0000 ccache version 2.4 [enabled] app-shells/bash: 3.2_p39 dev-java/java-config: 2.1.7 dev-lang/python: 2.5.4-r2 dev-util/ccache: 2.4-r7 dev-util/cmake: 2.6.2-r1 sys-apps/baselayout: 2.0.1 sys-apps/openrc: 0.4.3-r3 sys-apps/sandbox: 1.6-r2 sys-devel/autoconf: 2.13, 2.63 sys-devel/automake: 1.4_p6, 1.5, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.2 sys-devel/binutils: 2.18-r3 sys-devel/gcc-config: 1.4.1 sys-devel/libtool: 1.5.26 virtual/os-headers: 2.6.27-r2 ACCEPT_KEYWORDS="amd64" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=native -O2 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /var/lib/hsqldb" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/splash /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c /etc/udev/rules.d" CXXFLAGS="-march=native -O2 -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="ccache distlocks fixpackages parallel-fetch preserve-libs protect-owned sandbox sfperms strict unmerge-orphans userfetch" GENTOO_MIRRORS="http://open-systems.ufl.edu/mirrors/gentoo http://www.gtlib.gatech.edu/pub/gentoo ftp://ftp.gtlib.gatech.edu/pub/gentoo http://distro.ibiblio.org/pub/linux/distributions/gentoo/ ftp://distro.ibiblio.org/pub/linux/distributions/gentoo/ http://gentoo.osuosl.org/ " LANG="C" LDFLAGS="-Wl,-O1" LINGUAS="en_US en ja" MAKEOPTS="-j5" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage/layman/java-overlay /usr/local/portage/layman/sunrise /usr/local/portage" SYNC="rsync://rsync21.us.gentoo.org/gentoo-portage" USE="64bit 7zip X a52 aac aalib acl acpi aim alsa amarok amazon amd64 animgif anthy audacious bash-completion berkdb bittorrent bluetooth branding bzip2 cairo cdaudio cdda cddb cdparanoia cdr cjk cli console cracklib crypt css cups dbus dict directfb divx djvu dri dvd dvdnav dvdr dvdread dvi eds emboss encode esd exif fam fat fbcon fbcondecor fbsplash ffmpeg flac fortran ftp gdbm gif gimp gimpprint glitz glsa gmail gnome gpm gs gstreamer gtk hal hdaps hddtemp hfs ibmacpi iconv icq icu idea ieee1394 imagemagick ipv6 ipw4965 isdnlog jabber java javascript jingle john jpeg kerberos kpathsea lame laptop latex ldap libcaca libnotify lm_sensors lua mad matroska md5sum midi mikmod mmx mng mono mp3 mpeg mplayer msn mtp mudflap multilib musicbrainz mysql ncurses nethack nls nptl nptlonly nsplugin ntfs offensive ogg opengl openmp openssl opensslcrypt openvpn pam pcmcia pcre pdf perl pidgin png pop ppds pppd prediction python qt3support quicktime rar raw readline realmedia reflection reiserfs sdl server session smapi spell spl sse sse2 ssl svg sysfs tcpd theora threads thunderbird tiff timidity tracker truetype uim unicode usb vim-syntax vim-with-x visualization vorbis wav wifi wma wmp wordperfect wxwindows x264 xcb xcomposite xml xorg xscreensaver xulrunner xv xvid yahoo zlib" ALSA_CARDS="hda-intel" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="synaptics evdev keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en_US en ja" USERLAND="GNU" VIDEO_CARDS="vesa vga i810 i830 intel" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LC_ALL, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS Note: This is the same bug as #265971, but my CFLAGS aren't unreasonable enough to mark this bug INVALID out-of-hand.
Any chance you can provide a backtrace? http://www.gentoo.org/proj/en/qa/backtraces.xml
I just ran into the same problem while upgrading to sudo-1.7.1-r1. In my case this is caused by a pam_mount entry in /etc/pam.d/system-auth - so that might be a pam_mount bug instead. Should I write a separate bug report? Disabling the last line (session optional pam_mount.so) makes the segfault disappear: auth required pam_env.so auth optional pam_mount.so auth sufficient pam_unix.so likeauth nullok use_first_pass auth required pam_deny.so use_first_pass account required pam_unix.so password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 password sufficient pam_unix.so nullok md5 shadow use_authtok password required pam_deny.so session required pam_limits.so session required pam_unix.so session optional pam_mount.so # this is the culprit My pam_mount configuration is according to http://www.gentoo-wiki.info/HOWTO_Encrypt_Your_Home_Directory_Using_LUKS_and_pam_mount Thanks for fixing!
Yea, I had the same "session optional pam_mount.so" line, and commenting it out stopped the segfaults. Is removing this line going to affect my ability to mount my home partition automatically when logging in?
Yep, pam_mount is not going to work without that line. I'm using su for now. A workaround would be to copy the contents of /etc/pam.d/system-auth to /etc/pam.d/sudo without the pam_mount session line. The default pam configuration for sudo just includes system-auth. Like that pam_mount is still performed on login while being avoided when sudoing where it's not needed anyway. For the record: This is eventually related to a sudo-bug which also appears with libpam-fprint libpam-lastlog, but has been resolved a year ago: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=462445#53
Can you provide a backtrace please? With that I can decide whether to push it to which upstream or fix it.
Same here, after upgrading from 1.7.0 to 1.7.1-r1, any sudo segfaults. I can provide a stacktrace: Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7fbb090f36f0 (LWP 2509)] 0x0000003063c83780 in strlen () from /lib/libc.so.6 (gdb) bt #0 0x0000003063c83780 in strlen () from /lib/libc.so.6 #1 0x00000000004127cc in setenv () #2 0x00007fbb0808320f in pam_sm_open_session (pamh=0xb24930, flags=0, argc=0, argv=0x0) at pam_mount.c:465 #3 0x0000003067802ce2 in ?? () from /lib/libpam.so.0 #4 0x000000000040c998 in ?? () #5 0x0000000000416d4a in ?? () #6 0x0000000000418f19 in ?? () #7 0x0000003063c1e486 in __libc_start_main () from /lib/libc.so.6 #8 0x00000000004040b9 in ?? () #9 0x00007fff11118098 in ?? () #10 0x000000000000001c in ?? () #11 0x0000000000000002 in ?? () #12 0x00007fff11119275 in ?? () #13 0x00007fff11119283 in ?? () #14 0x0000000000000000 in ?? () I'm on a amd64 notebook.
Created attachment 194430 [details] output of emerge --info
I created a backtrace, but guess that it's of no much use: (gdb) run Starting program: /usr/bin/sudo -s Program received signal SIGSEGV, Segmentation fault. 0x00007f2f6d75ecb0 in strlen () from /lib/libc.so.6 Question, as I'm new into backtraces: I guess I'd need to build glibc with debugging symbols but I don't know whether I'm getting in trouble when rebuilding glibc without @world. May I? I usually have CFLAGS="-march=k8 -O2 -pipe -fomit-frame-pointer" and changed to CFLAGS="-march=k8 -O2 -pipe -ggdb" to get the backtrace. But: Interestingly, I can not reproduce the segfault when building sudo with -O1. Is this a gcc bug then? --- mense etc # emerge --info Portage 2.2_rc33 (default/linux/amd64/2008.0, gcc-4.3.2, glibc-2.7-r2, 2.6.30-gentoo-r1 x86_64) ================================================================= System uname: Linux-2.6.30-gentoo-r1-x86_64-AMD_Athlon-tm-_64_Processor_3000+-with-glibc2.2.5 Timestamp of tree: Sun, 14 Jun 2009 11:15:02 +0000 distcc 3.1 x86_64-pc-linux-gnu [disabled] ccache version 2.4 [enabled] app-shells/bash: 3.2_p39 dev-java/java-config: 2.1.7 dev-lang/python: 2.5.4-r2 dev-python/pycrypto: 2.0.1-r8 dev-util/ccache: 2.4-r7 dev-util/cmake: 2.6.4 sys-apps/baselayout: 2.0.1 sys-apps/openrc: 0.4.3-r3 sys-apps/sandbox: 2.0 sys-devel/autoconf: 2.13, 2.63 sys-devel/automake: 1.5, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.2 sys-devel/binutils: 2.18-r3 sys-devel/gcc-config: 1.4.1 sys-devel/libtool: 2.2.6a virtual/os-headers: 2.6.27-r2 ACCEPT_KEYWORDS="amd64" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=k8 -O2 -pipe -ggdb" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/kde/4.2/env /usr/kde/4.2/share/config /usr/kde/4.2/shutdown /usr/share/config" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/eselect/postgresql /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/splash /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c /etc/udev/rules.d" CXXFLAGS="-march=k8 -O2 -pipe -ggdb" DISTDIR="/usr/portage/distfiles" FEATURES="ccache collision-protect distlocks fixpackages metadata-transfer parallel-fetch preserve-libs protect-owned sandbox sfperms splitdebug strict unmerge-orphans userfetch" GENTOO_MIRRORS="http://trumpetti.atm.tut.fi/gentoo/ http://ftp.uni-erlangen.de/pub/mirrors/gentoo http://ftp.spline.inf.fu-berlin.de/mirrors/gentoo/ " LANG="en_US.utf8" LDFLAGS="-Wl,-O1" LINGUAS="en de fr es eo" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage/layman/kde-testing /usr/local/portage/layman/haskell /usr/local/portage/layman/sunrise /usr/local/portage/layman/kolab /usr/portage/local /usr/local/portage" SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage" USE="3dnow 3dnowext 7zip X aac aalib ace acl acpi akonadi alsa amd64 bash-completion berkdb bittorrent bzip2 cairo cli cracklib crypt css cups daap dbus dirac directfb docbook dot dri dvd dvdr dvdread dvi enblend encode epiphany espeak exif f-prot fam fbcon fbsplash ffmpeg file flac fortran gdbm geoip gif gimp git gmail gnutls gpg gpgme gphoto2 gpm graphviz grub gzip hal hbci iceweasel iconv id3 id3tag ieee1394 imagemagick inotify iproute2 ipv6 ipython jabber jack java6 jingle jpeg jpeg2k kate kde kde4 kdepim kdeprefix kipi kolab laptop latex libgcrypt lua lvm lzma markdown md5sum mediaplayer midi mikmod mmx mmxext mng mp3 mp3tunes mp4 mpeg mpeg2 mudflap multilib musepack musicbrainz ncurses nepomuk nls nptl nptlonly ocaml ocamlduce ocamlopt ogg openexr opengl openid openmp openstreetmap pam pcre pdf perl phonon plasma pmount png postgres pppd python python-bindings qt-webkit qt4 rar readline reflection schroedinger search semantic-desktop session sndfile solver speex spl sse sse2 ssh ssl subversion svg symlink sysfs tcpd theora tiff timidity transcode unicode usb v4l2 vim vim-syntax visualization vorbis vorbis-psy wavpack webkit wifi wma x264 xine xinerama xorg xrandr xulrunner xvid xvmc zlib zsh-completion" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en de fr es eo" USERLAND="GNU" VIDEO_CARDS="nvidia nv" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LC_ALL, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
reproducible, when building with -O1, no segfault occurs.
Would be better if any of you had a backtrace with sudo also built with debugging symbols enabled, but I think I tracked down the issues, it's a similar one to #266361.
I've committed a fix to pam_mount-1.25-r1.
Tested sys-auth/pam_mount-1.25-r1 in combination with app-admin/sudo-1.7.1-r1, works fine. Thank you!
fix confirmed. thanks!
*** Bug 275317 has been marked as a duplicate of this bug. ***
