Current-Users archive


Re: Problems with packages on a netbsd-6 sparc



>> +    memcpy(cp, pw, sizeof(struct passwd));
>>      newpw =3D (struct passwd *) cp;
>> -    memcpy(newpw, pw, sizeof(struct passwd));
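
Review bot: the cast in `newpw = (struct passwd *) cp;` is left as it was, so every later access through newpw still assumes cp is suitably aligned for struct passwd. Moving the memcpy() ahead of the cast and pointing it at cp only stops the copy itself from being done through a struct passwd pointer. Nothing in the hunk shows that cp is aligned, which matters on a strict-alignment target such as the sparc in the subject line. Either guarantee the alignment where cp is computed, or add a comment saying why the memcpy() must target cp rather than newpw, so the ordering is not tidied back later.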

> Why not avoid the non-intuitive memcpy() altogether all the time
> and just let the compiler do its job????

>       newpw = pw;

Well, *newpw = *pw;, but otherwise, yeah...

> (of course the memory allocation hack there in sudo should be fixed
> too, or maybe sudo should just be thrown in the trash and left there
> :-))

That's what I would do with it.  I once looked at setting up sudo for
one of my paid jobs.  Here's the report I wrote for the person who
asked me to set it up, edited to remove internal stuff that it isn't my
place to reveal, fix up formatting (the copy of this I'm working from
has been forcibly mangled by a ticket system that insists on shoving
Webpage interfaces around everything), and even fix two typos.  But the
basic content is accurate.  This is dated 2011-11-01.

    First problem:

    I went looking to see where sudo came from.  Even with my
    half-assed Web skillz, I quickly found four different webpages each
    of which seemed to think it was the real sudo webpage; given what
    sudo is, I was inclined to trust none of them.

    After some asking around on an external IRC channel, I settled on
    sudo.ws as probably correct.

    Second problem:

    The thing is friggin' enormous. It's got dynamic loading and
    plugins and a whole raft of crap that has no business anywhere near
    a central part of a security system.  It's drunk the
    configure-script koolaid, which is a disaster I've ranted about
    elsewhere.  But this was for work, which historically doesn't care
    about that sort of security issue, so I ignored all that.

    Third problem:

    I got it built and installed. I set up a rudimentary sudoers file
    which you can still find in [target machine]'s /etc/sudoers as of
    this writing; the only non-comment lines are

        root ALL=(ALL) ALL
        Defaults:root env_editor
        %infs ALL=(ALL) ALL

    visudo is happy with this.  But when I run sudo itself, even as
    root, I get

    sudo: >>> /etc/sudoers: syntax error near line 1 <<<
    Segmentation fault

    I did some debugging and got nowhere.  /etc/sudoers is parsed with
    a lex-and-yacc parser; I added debugging at the stdio level and
    found it reads the whole file, then at the tokenizer level and
    found it errors after getting only one token (which is COMMENT).

    At this point I decided to ask the list for help.  So I sent mail
    to sudo-workers-request%sudo.ws@localhost to subscribe.

    Fourth problem:

    The mail got stuck in [my] mailq saying "Connection reset by
    sudo.ws.".  A manual run of the mailq reveals that it seems to be
    under the impression I'm a spam sender:

    sudo-workers-request%sudo.ws@localhost... Connecting to sudo.ws. via esmtp...
    220 core.courtesan.com ESMTP spamd IP-based SPAM blocker; Tue Nov  1 16:27:35 2011
    >>> EHLO Sparkle.Rodents-Montreal.ORG
    250 Hello, spam sender. Pleased to be wasting your time.
    >>> MAIL From:<mouse%Sparkle.Rodents-Montreal.ORG@localhost>
    250 You are about to try to deliver spam. Your time will be spent, for nothing.
    >>> RCPT To:<sudo-workers-request%sudo.ws@localhost>
    250 This is hurting you more than it is hurting me.
    >>> DATA
    451 Temporary failure, please try again later.
    >>> QUIT
    sudo-workers-request%sudo.ws@localhost... Deferred: Connection reset by sudo.ws.
    Closing connection to sudo.ws.

    Now, I am - or at least was - listed by SORBS, because I refuse to
    consider their abuse attempts anything but, well, abuse attempts.
    And there are still a few places left that block based on SORBS.
    So I tried from [that workplace's mailserver]:

    [(hostname)] 1> telnet 64.85.164.38 smtp
    Trying 64.85.164.38...
    Connected to courtesan.com.
    Escape character is '^]'.
    220 core.courtesan.com ESMTP spamd IP-based SPAM blocker; Tue Nov  1 16:33:00 2011
    helo (mailserver's FQDN)
    250 Hello, spam sender. Pleased to be wasting your time.

    I didn't bother going any further, since it seems to be of the
    opinion that [that mailserver] is a spam source too [...].

    At this point, I am inclined to throw sudo out completely.  It has
    failed catastrophically at design, at implementation, and at
    support.

    [...]

(I failed to think of and thus neglected to mention "distribution"
among the things sudo failed at.)

/~\ The ASCII                             Mouse
\ / Ribbon Campaign
 X  Against HTML                mouse%rodents-montreal.org@localhost
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

