# sudo segmentation fault x86_64

## tomblue

Hi all,

I'm trying to get "sudo" to work for a user in the "wheel" group. Note: I just want to get sudo working at all, before cutting functionality down to what I actually need.

/etc/sudoers:

```
Defaults   env_reset

root   ALL=(ALL) ALL

%wheel   ALL=(ALL)   NOPASSWD: ALL
```

When I now launch "sudo shutdown -r 5" as a user that is part of group "wheel", I'm getting a segmentation fault.

System specs:

- app-admin/sudo-1.6.9_p17
- 2.6.25-gentoo-r7 #3 SMP
- x86_64 Intel(R) Core(TM)2 Quad CPU Q9450

Does anyone have an idea what might cause this? If I can provide further information and logs, I'd be delighted to do so. Just say which information you'd need.

I thought strace might give me a clue but it doesn't:

strace -f sudo shutdown -r 5:

```
strace -f sudo shutdown -r 5
execve("/usr/bin/sudo", ["sudo", "shutdown", "-r", "5"], [/* 46 vars */]) = 0
brk(0)                                  = 0x14df000
fcntl(0, F_GETFD)                       = 0
fcntl(1, F_GETFD)                       = 0
fcntl(2, F_GETFD)                       = 0
access("/etc/suid-debug", F_OK)         = -1 ENOENT (No such file or directory)
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f913af1b000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f913af1a000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=100094, ...}) = 0
mmap(NULL, 100094, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f913af01000
close(3)                                = 0
open("/lib/libpam.so.0", O_RDONLY)      = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360#\0\0\0\0\0\0@"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=47480, ...}) = 0
mmap(NULL, 2142696, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f913aaf6000
mprotect(0x7f913ab00000, 2097152, PROT_NONE) = 0
mmap(0x7f913ad00000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xa000) = 0x7f913ad00000
close(3)                                = 0
open("/lib/libdl.so.2", O_RDONLY)       = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`\16\0\0\0\0\0\0@"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=14528, ...}) = 0
mmap(NULL, 2109728, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f913a8f2000
mprotect(0x7f913a8f4000, 2097152, PROT_NONE) = 0
mmap(0x7f913aaf4000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f913aaf4000
close(3)                                = 0
open("/lib/libc.so.6", O_RDONLY)        = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\220\334\1\0\0\0\0\0@"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1293456, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f913af00000
mmap(NULL, 3399928, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f913a5b3000
mprotect(0x7f913a6e9000, 2093056, PROT_NONE) = 0
mmap(0x7f913a8e8000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x135000) = 0x7f913a8e8000
mmap(0x7f913a8ed000, 16632, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f913a8ed000
close(3)                                = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f913aeff000
arch_prctl(ARCH_SET_FS, 0x7f913aeff6f0) = 0
mprotect(0x7f913a8e8000, 16384, PROT_READ) = 0
mprotect(0x7f913aaf4000, 4096, PROT_READ) = 0
mprotect(0x7f913ad00000, 4096, PROT_READ) = 0
mprotect(0x61c000, 4096, PROT_READ)     = 0
mprotect(0x7f913af1c000, 4096, PROT_READ) = 0
munmap(0x7f913af01000, 100094)          = 0
brk(0)                                  = 0x14df000
brk(0x1500000)                          = 0x1500000
open("/usr/lib64/locale/locale-archive", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=2247376, ...}) = 0
mmap(NULL, 2247376, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f913a38e000
close(3)                                = 0
geteuid()                               = 1000
write(2, "sudo: "..., 6sudo: )                = 6
write(2, "must be setuid root"..., 19must be setuid root)  = 19
write(2, "\n"..., 1
)                    = 1
exit_group(1)                           = ?
```

----------

## Genone

Yah, strace doesn't work nicely with SUID apps (as strace itself doesn't have the SUID bit). Did you verify that the segfault is caused by sudo, or could it be that the shutdown command is the actual problem (IOW: is the problem reproducible with other commands, or does it happen when you call shutdown without invoking sudo)?

----------

## tomblue

The seg fault is not caused by shutdown. I can reproduce this behaviour with any other command, e.g. "sudo top".

Oh, by the way: sudo is compiled with useflag "pam".

----------

## tomblue

Hi all,

Some more, rather interesting news: I've emerged an older version of sudo (app-admin/sudo-1.6.8_p12-r1). This version works like a charm.

Tried app-admin/sudo-1.7.0_rc2, the latest version in portage, as well: It's seg faulting like the 1.6.9 versions.

Cheers

----------

## jowr

This problem still exists in 1.7.1-r1, and it goes away with removing the pam useflag.

----------

## skunk

In my case pam_mount is causing the segfault; to be more precise, this line in /etc/pam.d/system-auth:

```
session         optional        pam_mount.so
```

----------
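The last two posts tie the crash to sudo's PAM support and to one module line in /etc/pam.d/system-auth. As an added example (not part of the thread), this sketch lists the modules a service's PAM stack loads, following `include` lines, so they can be checked one at a time. The file contents are constructed samples; `SAMPLE_PAM_D`, `resolve` and `session_modules` are names chosen here.

```python
import re

# Constructed sample of /etc/pam.d/ (not copied from the thread), keyed by file name.
SAMPLE_PAM_D = {
    "sudo": "auth     include  system-auth\n"
            "account  include  system-auth\n"
            "session  include  system-auth\n",
    "system-auth": "# constructed example\n"
                   "auth     required  pam_env.so\n"
                   "auth     required  pam_unix.so try_first_pass nullok\n"
                   "account  required  pam_unix.so\n"
                   "session  required  pam_limits.so\n"
                   "session  required  pam_unix.so\n"
                   "-session optional  pam_mount.so\n"
                   "session  [success=1 default=ignore] pam_succeed_if.so quiet uid eq 0\n",
}

# type (optionally prefixed with "-"), control (word or [bracketed]), module or file
LINE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def resolve(service, files, only_type=None, path=()):
    """Return [(file, type, control, module)] in load order, following include/substack."""
    if service in path or service not in files:   # include loop or missing file
        return []
    out = []
    for raw in files[service].splitlines():
        m = LINE.match(raw.split("#", 1)[0].strip())
        if not m:
            continue
        mtype, control, target = m.groups()
        if only_type and mtype != only_type:
            continue
        if control in ("include", "substack"):
            # include pulls in only the lines of the same type from the other file
            out += resolve(target, files, mtype, path + (service,))
        else:
            out.append((service, mtype, control, target))
    return out

def session_modules(service, files):
    """Modules run in the session phase, the phase of the pam_mount line quoted above."""
    return [mod for _, _, _, mod in resolve(service, files, "session")]

if __name__ == "__main__":
    for entry in resolve("sudo", SAMPLE_PAM_D):
        print("%-12s %-8s %-28s %s" % entry)
```

To run it against a real system, build the dictionary from the files under /etc/pam.d/ instead of the sample.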

