Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sudo responds with "killed" #117

Closed
timbz opened this issue Oct 14, 2021 · 12 comments
Closed

Sudo responds with "killed" #117

timbz opened this issue Oct 14, 2021 · 12 comments

Comments

@timbz
Copy link

timbz commented Oct 14, 2021

In PostmarketOS, an Alpine base OS mainly targeted at smartphones we experience crashes of sudo when running on older kernels. It prints Killed and returns with code 137. sudo-1.9.7_p1-r1 from alpine still works. Looks like the issue got introduced in 1.9.8.
Related issue: https://gitlab.com/postmarketOS/pmaports/-/issues/1252

sudo_debug 

sudo[] -> sudo_check_suid @ ./sudo.c:891
sudo[] <- sudo_check_suid @ ./sudo.c:935
sudo[] -> save_signals @ ./signal.c:75
sudo[] <- save_signals @ ./signal.c:82
sudo[] -> init_signals @ ./signal.c:121
sudo[] will restore signal 13 on exec
sudo[] <- init_signals @ ./signal.c:168
sudo[] -> sudo_conf_read_v1 @ ./sudo_conf.c:658
sudo[] -> sudo_secure_path @ ./secure_path.c:41
sudo[] <- sudo_secure_path @ ./secure_path.c:60 := 0
sudo[] -> sudo_conf_init @ ./sudo_conf.c:597
sudo[] -> sudo_conf_clear_paths_v1 @ ./sudo_conf.c:768
sudo[] <- sudo_conf_init @ ./sudo_conf.c:643
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 0
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 40
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:124 := 49
sudo[] -> sudo_parseln_v2 @ ./parseln.c:54
sudo[] <- sudo_parseln_v2 @ ./parseln.c:123 := -1
sudo[] <- sudo_conf_read_v1 @ ./sudo_conf.c:758 := 1
sudo[] -> get_user_info @ ./sudo.c:503
sudo[] -> sudo_new_key_val_v1 @ ./key_val.c:43
sudo[] <- sudo_new_key_val_v1 @ ./key_val.c:55 := user=timb
sudo[] -> get_user_groups @ ./sudo.c:430
sudo[] get_user_groups: got 8 groups via getgroups()
sudo[] <- get_user_groups @ ./sudo.c:487 := groups=10,18,23,27,28,101,102,10000
sudo[] -> sudo_new_key_val_v1 @ ./key_val.c:43
sudo[] <- sudo_new_key_val_v1 @ ./key_val.c:55 := cwd=/var/log
sudo[] -> get_process_ttyname @ ./ttyname.c:201
sudo[] -> sudo_ttyname_dev_v1 @ ./ttyname_dev.c:261
sudo[] -> sudo_dev_check @ ./ttyname_dev.c:229
sudo[] comparing dev 34816 to /dev/console: no @ sudo_dev_check() ./ttyname_dev.c:244
sudo[] <- sudo_dev_check @ ./ttyname_dev.c:246 := (null)
sudo[] -> sudo_strsplit_v1 @ ./strsplit.c:38
sudo[] <- sudo_strsplit_v1 @ ./strsplit.c:72 := 0x400dd56c
sudo[] -> sudo_dev_check @ ./ttyname_dev.c:229
sudo[] comparing dev 34816 to /dev/pts/0: match! @ sudo_dev_check() ./ttyname_dev.c:233
sudo[] <- sudo_dev_check @ ./ttyname_dev.c:237 := /dev/pts/0
sudo[] <- sudo_ttyname_dev_v1 @ ./ttyname_dev.c:309 := /dev/pts/0
sudo[] <- get_process_ttyname @ ./ttyname.c:271 := /dev/pts/0
sudo[] -> sudo_new_key_val_v1 @ ./key_val.c:43
sudo[] <- sudo_new_key_val_v1 @ ./key_val.c:55 := tty=/dev/pts/0
sudo[] -> sudo_new_key_val_v1 @ ./key_val.c:43
sudo[] <- sudo_new_key_val_v1 @ ./key_val.c:55 := host=samsung-i9100
sudo[] -> sudo_get_ttysize_v1 @ ./ttysize.c:54
sudo[] -> get_ttysize_ioctl @ ./ttysize.c:40
sudo[] <- get_ttysize_ioctl @ ./ttysize.c:46 := 0
sudo[] <- sudo_get_ttysize_v1 @ ./ttysize.c:70
sudo[] -> serialize_limits @ ./limits.c:435
sudo[] <- serialize_limits @ ./limits.c:465 := 11
sudo[] <- get_user_info @ ./sudo.c:634 := 0x400efee0
sudo[] -> disable_coredump @ ./limits.c:199
sudo[] RLIMIT_CORE [0, -1] -> [0, 0]
sudo[] <- disable_coredump @ ./limits.c:221
sudo[] -> parse_args @ ./parse_args.c:258
sudo[] -> get_net_ifs @ ./net_ifs.c:121
sudo[] <- get_net_ifs @ ./net_ifs.c:228 := 4
sudo[] <- parse_args @ ./parse_args.c:699 := 655361
sudo[] sudo_mode 655361
sudo[] -> sudo_load_plugins @ ./load_plugins.c:476
sudo[] -> sudo_load_sudoers_plugin @ ./load_plugins.c:444
sudo[] -> sudo_load_plugin @ ./load_plugins.c:266
sudo[] -> sudo_check_plugin @ ./load_plugins.c:105
sudo[] -> sudo_stat_plugin @ ./load_plugins.c:46
sudo[] <- sudo_stat_plugin @ ./load_plugins.c:97 := 0
sudo[] <- sudo_check_plugin @ ./load_plugins.c:137 := true
sudo[] -> fill_container @ ./load_plugins.c:153
sudo[] -> sudo_conf_debug_files_v1 @ ./sudo_conf.c:546
sudo[] <- sudo_conf_debug_files_v1 @ ./sudo_conf.c:563 := 0x400c9ac8
sudo[] <- fill_container @ ./load_plugins.c:170 := true
sudo[] <- sudo_load_plugin @ ./load_plugins.c:359 := true
sudo[] <- sudo_load_sudoers_plugin @ ./load_plugins.c:464 := true
sudo[] -> sudo_load_sudoers_plugin @ ./load_plugins.c:444
sudo[] -> sudo_load_plugin @ ./load_plugins.c:266
sudo[] -> sudo_check_plugin @ ./load_plugins.c:105
sudo[] -> sudo_stat_plugin @ ./load_plugins.c:46
sudo[] <- sudo_stat_plugin @ ./load_plugins.c:97 := 0
sudo[] <- sudo_check_plugin @ ./load_plugins.c:137 := true
sudo[] -> sudo_insert_plugin @ ./load_plugins.c:236
sudo[] -> plugin_exists @ ./load_plugins.c:197
sudo[] <- plugin_exists @ ./load_plugins.c:203 := false
sudo[] -> new_container @ ./load_plugins.c:178
sudo[] -> fill_container @ ./load_plugins.c:153
sudo[] -> sudo_conf_debug_files_v1 @ ./sudo_conf.c:546
sudo[] <- sudo_conf_debug_files_v1 @ ./sudo_conf.c:563 := 0x400c9ac8
sudo[] <- fill_container @ ./load_plugins.c:170 := true
sudo[] <- new_container @ ./load_plugins.c:187 := 0x40040c00
sudo[] <- sudo_insert_plugin @ ./load_plugins.c:253 := true
sudo[] <- sudo_load_plugin @ ./load_plugins.c:359 := true
sudo[] <- sudo_load_sudoers_plugin @ ./load_plugins.c:464 := true
sudo[] -> sudo_load_sudoers_plugin @ ./load_plugins.c:444
sudo[] -> sudo_load_plugin @ ./load_plugins.c:266
sudo[] -> sudo_check_plugin @ ./load_plugins.c:105
sudo[] -> sudo_stat_plugin @ ./load_plugins.c:46
sudo[] <- sudo_stat_plugin @ ./load_plugins.c:97 := 0
sudo[] <- sudo_check_plugin @ ./load_plugins.c:137 := true
sudo[] -> sudo_insert_plugin @ ./load_plugins.c:236
sudo[] -> plugin_exists @ ./load_plugins.c:197
sudo[] <- plugin_exists @ ./load_plugins.c:203 := false
sudo[] -> new_container @ ./load_plugins.c:178
sudo[] -> fill_container @ ./load_plugins.c:153
sudo[] -> sudo_conf_debug_files_v1 @ ./sudo_conf.c:546
sudo[] <- sudo_conf_debug_files_v1 @ ./sudo_conf.c:563 := 0x400c9ac8
sudo[] <- fill_container @ ./load_plugins.c:170 := true
sudo[] <- new_container @ ./load_plugins.c:187 := 0x40040c30
sudo[] <- sudo_insert_plugin @ ./load_plugins.c:253 := true
sudo[] <- sudo_load_plugin @ ./load_plugins.c:359 := true
sudo[] <- sudo_load_sudoers_plugin @ ./load_plugins.c:464 := true
sudo[] -> sudo_init_event_alloc @ ./load_plugins.c:418
sudo[] <- sudo_init_event_alloc @ ./load_plugins.c:432
sudo[] -> sudo_register_hooks @ ./load_plugins.c:380
sudo[] <- sudo_register_hooks @ ./load_plugins.c:411
sudo[] <- sudo_load_plugins @ ./load_plugins.c:542 := true
sudo[] -> sudo_ev_base_alloc_v1 @ ./event.c:202
sudo[] -> sudo_ev_base_init @ ./event.c:172
sudo[] -> sudo_ev_base_alloc_impl @ ./event_poll.c:42
sudo[] <- sudo_ev_base_alloc_impl @ ./event_poll.c:57 := 0
sudo[] -> sudo_ev_init @ ./event.c:269
sudo[] <- sudo_ev_init @ ./event.c:278
sudo[] <- sudo_ev_base_init @ ./event.c:191 := 0
sudo[] <- sudo_ev_base_alloc_v1 @ ./event.c:214 := 0x400bb840
sudo[] -> audit_open @ ./sudo.c:1564
sudo[] -> audit_open_int @ ./sudo.c:1538
sudo[] -> format_plugin_settings @ ./sudo.c:1021
sudo[] -> sudo_new_key_val_v1 @ ./key_val.c:43
sudo[] <- sudo_new_key_val_v1 @ ./key_val.c:55 := plugin_path=/usr/lib/sudo/sudoers.so
sudo[] settings: progname=sudo
sudo[] -> sudo_new_key_val_v1 @ ./key_val.c:43
sudo[] <- sudo_new_key_val_v1 @ ./key_val.c:55 := progname=sudo
sudo[] settings: implied_shell=true
sudo[] -> sudo_new_key_val_v1 @ ./key_val.c:43
sudo[] <- sudo_new_key_val_v1 @ ./key_val.c:55 := implied_shell=true
sudo[] settings: network_addrs=192.168.1.26/255.255.255.0 172.16.42.1/255.255.0.0 fe80::8a30:8aff:fe00:b7e2/ffff:ffff:ffff:ffff:: fe80::fcda:42ff:feb7:2079/ffff:ffff:ffff:ffff::
sudo[] -> sudo_new_key_val_v1 @ ./key_val.c:43
sudo[] <- sudo_new_key_val_v1 @ ./key_val.c:55 := network_addrs=192.168.1.26/255.255.255.0 172.16.42.1/255.255.0.0 fe80::8a30:8aff:fe00:b7e2/ffff:ffff:ffff:ffff:: fe80::fcda:42ff:feb7:2079/ffff:ffff:ffff:ffff::
sudo[] settings: plugin_dir=/usr/lib/sudo/
sudo[] -> sudo_new_key_val_v1 @ ./key_val.c:43
sudo[] <- sudo_new_key_val_v1 @ ./key_val.c:55 := plugin_dir=/usr/lib/sudo/
sudo[] <- format_plugin_settings @ ./sudo.c:1063 := 0x400bb030

@millert
Copy link
Collaborator

millert commented Oct 14, 2021

Exit code 137 most likely means sudo died from SIGKILL (128 + 9 == 137). Is there anything in the kernel message log that indicates why sudo was killed? One change in sudo 1.9.8 that could be relevant is that it is now compiled using -fstack-clash-protection and links with -z noexecstack. I wonder if either of those are causing problems. You can try passing configure the --disable-hardening option when building sudo and see if that makes any difference.

@timbz
Copy link
Author

timbz commented Oct 15, 2021

Thanks for the quick answer.

Is there anything in the kernel message log that indicates why sudo was killed?

No, nothing

You can try passing configure the --disable-hardening option when building sudo and see if that makes any difference.

Unfortunately that didn't help

@timbz
Copy link
Author

timbz commented Oct 20, 2021
edited
Loading

I did a git bisect and it seems fa7250e is the commit causing the problem.

I traced it down to

sudoers_policy_deserialize_info --> sudo_uuid_create_v1 --> arc4random_buf

@millert
Copy link
Collaborator

millert commented Oct 20, 2021

Does the uuid unit test crash or fail? For example:

cd lib/util
make uuid_test && ./uuid_test

should produce:

uuid_test: 16 tests run, 0 errors, 100% success rate

@millert
Copy link
Collaborator

millert commented Oct 20, 2021

It looks like this is due to getentropy() failing. Perhaps sudo's configure script detected getentropy() in the C library but it is not actually implemented. You can override configure's check by setting ac_cv_func_getentropy=no in the environment. E.g.

ac_cv_func_getentropy=no ./configure ...

That will cause sudo to use fallback code for this. I'll take a look at handling getentropy() returning ENOSYS.

@timbz
Copy link
Author

timbz commented Oct 20, 2021
edited
Loading

Does the uuid unit test crash or fail? For example:

cd lib/util
make uuid_test && ./uuid_test

should produce:

uuid_test: 16 tests run, 0 errors, 100% success rate

this also fails

samsung-i9100:~/sudo/lib/util$ make uuid_test && ./uuid_test
make: 'uuid_test' is up to date.
Killed

@timbz
Copy link
Author

timbz commented Oct 20, 2021

It looks like this is due to getentropy() failing. Perhaps sudo's configure script detected getentropy() in the C library but it is not actually implemented. You can override configure's check by setting ac_cv_func_getentropy=no in the environment. E.g.

ac_cv_func_getentropy=no ./configure ...

That will cause sudo to use fallback code for this. I'll take a look at handling getentropy() returning ENOSYS.

That seems to "fix" it

uuid_test: 16 tests run, 0 errors, 100% success rate

@millert
Copy link
Collaborator

millert commented Oct 20, 2021

Great. My best guess is that for older kernels the glibc getentropy() emulation is failing. Perhaps the kernel is too old to support getrandom(). I'll just disable the use of getentropy() in sudo on Linux by default.

@timbz
Copy link
Author

timbz commented Oct 20, 2021
edited
Loading

Makes sense. According to this getrandom() was introduced in 3.17. A lot of phones ported to PostmaketOS run old kernels. My samsung S2 is running 3.0.101. Thanks for your help

millert added a commit that referenced this issue Oct 20, 2021
@millert
Use our own getentropy() by default on Linux.
00e53b3 
The glibc getentropy() emulation will fail on older kernels that
don't support getrandom().
Also use sudo_fatal() instead of sending SIGKILL on getentropy() failure.
GitHub issue #117.
@millert
Copy link
Collaborator

millert commented Oct 20, 2021

Closing now that 00e53b3 has been committed.

@millert millert closed this as completed Oct 20, 2021
@timbz
Copy link
Author

timbz commented Oct 20, 2021

Is there going to be a new tag that includes this fix?

@millert
Copy link
Collaborator

millert commented Oct 20, 2021

I wasn't planning on one anytime soon. It is easy to workaround by just telling configure you don't have getentropy.

@Grimler91 Grimler91 mentioned this issue Oct 28, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@millert @timbz