Red Hat Bugzilla – Bug 829263
Sudo has racecondition leaving sudo with its zombie child running forever
Last modified: 2013-07-03 09:15:47 EDT
Description of problem:
Sometimes when running a command using sudo, it never finishes. In that case the executed command already exited and is left as Zombie which is never collected by sudo.
Version-Release number of selected component (if applicable):
From what I see the problem occurs in around one of hundred, but heavily relies on the workload of the systems.
Steps to Reproduce:
1. Run a command with sudo
Sometimes sudo does not exit.
Sudo should exit after the command is finished.
The problem is a race in sudos code when spawning its child process. It opens a socket to its child for receiving input from the child. However if a taskswitch occurs right after the child was spawned and the child finished before control is returned to the sudo-parent, the parentprocess waits indefinitly in a select()-call reading from the child pipe.
The full problem is explained in detail in this blogpost: http://blog.famzah.net/2010/11/01/sudo-hangs-and-leaves-the-executed-program-as-zombie/
The problem was reported upstream in the project bugzilla under ID 447 (http://www.gratisoft.us/bugzilla/show_bug.cgi?id=447) and was fixed in sudo versions 1.7.5 and 1.8.0.
The solution is to simply add a timeout to the select()-call and should be a low impact patch to the current EL5-version of sudo.
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated in the
current release, Red Hat is unfortunately unable to address this
request at this time. Red Hat invites you to ask your support
representative to propose this request, if appropriate and relevant,
in the next release of Red Hat Enterprise Linux.
I think sudo is that kind of security tool which should receive an update/patch whenever a problem exists. That race descriped here cannot be used to gain higher privileges, but can be used to flood the system with zombies very easily.
You write that no update is scheduled for EL5, however, the last sudo-update was just 2 weeks ago, adding a patch for CVE-2012-2337 (see rhbz#829766).
(In reply to comment #2)
> I think sudo is that kind of security tool which should receive an
> update/patch whenever a problem exists. That race descriped here cannot be
> used to gain higher privileges, but can be used to flood the system with
> zombies very easily.
> You write that no update is scheduled for EL5, however, the last sudo-update
> was just 2 weeks ago, adding a patch for CVE-2012-2337 (see rhbz#829766).
we're working on addressing this issue in 5.8.z, so this issue should be fixed soon.
Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.
Prior to this update, a race condition bug existed in sudo. When a program was executed with sudo, the program could possibly exit successfully before sudo started waiting for it. In this situation, the program would be left in a zombie state and sudo would wait for it endlessly, expecting it to still be running.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.