Tuesday, 3 September 2013

Funny sudo bug

Around a month ago i was performing a task where i needed to create a user with a very large UID in the system. The required UID happened to be 2147483648 (0x80000000) exactly.

root@hive:~# adduser -u 2147483648 test1
Next i switched to the newly created user and typed sudo.
test1@hive:/$ su test1
test1@hive:/$ sudo
And this was the result:
test1@hive:/$ sudo
sudo: perm stack underflow: Invalid argument
sudo: unknown uid: 2147483647
Segmentation fault
We can see here that the UID value was wrapped to the 2147483647 value (0x7fffffff) followed by a segfault.

We can have some fun with it e.g. creating a user with the 0x7fffffff UID. This way sudo will no longer crash, but it will be called for a different user : ). The bug was tested on the 1.8.5p2 version 32-bit OS. Additional details can be found in the bug report.
Posted by at 20:54 0 comments
Labels: , , ,
Subscribe to: Posts (Atom)