Red Hat Bugzilla – Bug 903020
sudoers containing specially crafted aliases causes segfault of visudo
Last modified: 2013-02-21 04:45:14 EST
Description of problem:
Sudoers file containing specially crafted aliases causes segfault of visudo.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. cat <<EOF >>/etc/sudoers
User_Alias YYY = FOO
User_Alias XXX = nobody
User_Alias FOO = XXX,YYY
FOO ALL=(ALL) NOPASSWD: ALL
2. visudo -c
3. echo $?
2. visudo: Warning: cycle in User_Alias `FOO'
Segmentation fault (core dumped)
No segfault, works
If you insert these aliases with "visudo" it will segfault and changes won't store. Unfortunatelly when you store this arbitrary code by some other tool (vim, cat, ...) you won't be able to delete it with visudo because of segfault.
This should be easily fixable. I'll try to prepare a patch ASAP.
Created attachment 685835 [details]
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.