1748284 Members
3500 Online
108761 Solutions
New Discussion юеВ

Re: sudo Signal 11

 
VKV
Advisor

Sudo memorydump

Hi UNIX gurus,

 

I am trying to provide sudo access to a uaer ID test. The following is what I added in sudoers file.

 

Defaults timestampdir=/var/adm/sudo
###########################################
User_Alias DC_MIGRATION = test
Cmnd_Alias CMND_DCM_UNIX = /usr/sbin/cmviewcl, \
        /usr/bin/crontab -[elr]*, !/usr/bin/crontab -[er] root,\
        /usr/bin/du, \
        /usr/bin/g*zip, \
        /usr/contrib/bin/g*zip, \
        /usr/bin/strings /etc/lvmtab, \
        /usr/sbin/fstyp, \
        /usr/sbin/ifconfig -a, \
        /usr/sbin/mount, \
        /opt/OV/bin/OpC/opcagt, \
        /opt/perf/bin/mwa, \
        /opt/perf/bin/ovpa, \
        /opt/perf/bin/perfstat, \
        /usr/bin/ls, \
        /usr/bin/sar, \
        /usr/bin/diff, \
        /usr/bin/mailx, \
        /usr/sbin/dmesg, \
        /usr/sbin/ioscan *, \
        /usr/bin/ls, \
        /usr/lbin/getprpw, \
        /usr/bin/top, \
        /usr/sbin/diskinfo, \
        /usr/sbin/swapinfo, \
        /usr/sbin/lvlnboot -v, \
        /usr/bin/find, !/usr/bin/find *-exec*, \
        /usr/sbin/*parstatus, \
        /usr/sbin/vgexport -p -v
DC_MIGRATION ALL = CMND_DCM_UNIX

On loging in as user test sudo -l is working fine.

 

{test@server:/home/test}sudo -l
Password:
Matching Defaults entries for test on this host:
    log_output, logfile=/var/adm/sudo/sudo.log, timestampdir=/var/adm/sudo

Runas and Command-specific defaults for test:

User test may run the following commands on this host:
    (root) /usr/sbin/cmviewcl, /usr/bin/crontab -[elr]*, !/usr/bin/crontab -[er] root, /usr/bin/du, /usr/bin/g*zip, /usr/contrib/bin/g*zip, /usr/bin/strings /etc/lvmtab,
    /usr/sbin/fstyp, /usr/sbin/ifconfig -a, /usr/sbin/mount, /opt/OV/bin/OpC/opcagt, /opt/perf/bin/mwa, /opt/perf/bin/ovpa, /opt/perf/bin/perfstat, /usr/bin/ls, /usr/bin/sar,
    /usr/bin/diff, /usr/bin/mailx, /usr/sbin/dmesg, /usr/sbin/ioscan *, /usr/bin/ls, /usr/lbin/getprpw, /usr/bin/top, /usr/sbin/diskinfo, /usr/sbin/swapinfo, /usr/sbin/lvlnboot
    -v, /usr/bin/find, !/usr/bin/find *-exec*, /usr/sbin/*parstatus, /usr/sbin/vgexport -p -v -s -m *

 

But when the user issues sudo <command> he gets the following error.


{test@server:/home/test}sudo /usr/sbin/dmesg
Memory fault(coredump)

Could any of you please help?

 

Thanks

 

 

5 REPLIES 5
Dennis Handly
Acclaimed Contributor

Re: sudo Signal 11

>{test@server:/home/test}sudo /usr/sbin/dmesg

 

You have a corefile so use gdb to debug it:

$ gdb path-to-sudo/sudo core

(gdb) bt

(gdb) info reg

(gdb) disas $pc-16*4 $pc+16*4

(gdb) quit

Matti_Kurkela
Honored Contributor

Re: sudo Signal 11

First use the "file core" command to see whether the core was produced by sudo or by dmesg. The error message does not exactly tell which one it was.

MK
VKV
Advisor

Re: Sudo memorydump

Sorry for the late reply. It was a long weekend here in Australia.

 

 

Hi Dennis,

 

> You have a corefile so use gdb to debug it:

 

I could not find any core file. The sudo website (http://www.sudo.ws/sudo/man/1.8.6/sudoers.man.html) talks about /etc/sudo.conf file. I think this entry need to be set to false to enable coredump.

 

#   Set disable_coredump true

 

However I could not find this file either which is OK as per sudo website.

 

 

Hi MK,

 

> First use the "file core" command to see whether the core was produced by sudo or by dmesg.

 

Any command prefixed with sudo generates the coredump error.

 

{test@server:/home/test}sudo /usr/sbin/mount

Memory fault(coredump)

 

But when I reduced the number the number of commands in the Cmnd_Alias section sudo is working.

 

Now my suoders file looks like

 

####################

User_Alias DC_MIGRATION = test

Cmnd_Alias CMND_DCM_UNIX = /usr/sbin/cmviewcl, \

        /usr/sbin/vgexport -p -v -s -m *, \

        /usr/sbin/diskinfo *, \

        /usr/sbin/dmesg

DC_MIGRATION ALL = CMND_DCM_UNIX

 

I donтАЩt think it was a syntax error earlier as I always used visudo тАУs to edit the file. I will continue to add commands as per user requirement and post if I find a тАЬthresholdтАЭ on number of commands.

Meanwhile please share your thoughts.

Dennis Handly
Acclaimed Contributor

Re: sudo Signal 11

>I could not find any core file.

 

It's there somewhere.  The following means you got one:  Memory fault(coredump)

If you use coreadm(1m), that could place it elsewhere.

 

>Any command prefixed with sudo generates the coredump error. ...

>But when I reduced the number the number of commands in the Cmnd_Alias section sudo is working.

 

Then it is likely sudo that's aborting.

Matti_Kurkela
Honored Contributor

Re: Sudo memorydump

It sure seems like you're hitting some kind of a threshold in sudo, quite possibly in the Cmnd_Alias length.

 

What is your sudo version (please run "sudo -V |head")?

 

(I'm guessing that you might have an old version of sudo, which might contain a bug that is already fixed in newer versions.)

MK