Port-sparc archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Problems with packages on a netbsd-6 sparc
>> + memcpy(cp, pw, sizeof(struct passwd));
>> newpw =3D (struct passwd *) cp;
>> - memcpy(newpw, pw, sizeof(struct passwd));
> Why not avoid the non-intuitive memcpy() all together all the time
> and just let the compiler do its job????
> newpw =3D pw;
Well, *newpw = *pw;, but otherwise, yeah...
> (of course the memory allocation hack there in sudo should be fixed
> too, or maybe sudo should just be thrown in the trash and left there
> :-))
That's what I would do with it. I once looked at setting up sudo for
one of my paid jobs. Here's the report I wrote for the person who
asked me to set it up, edited to remove internal stuff that it isn't my
place to reveal, fix up formatting (the copy of this I'm working from
has been forcibly mangled by a ticket system that insists on shoving
Webpage interfaces around everything), and even fix two typos. But the
basic content is accurate. This is dated 2011-11-01.
First problem:
I went looking to see where sudo came from. Even with my
half-assed Web skillz, I quickly found four different webpages each
of which seemed to think it was the real sudo webpage; given what
sudo is, I was inclined to trust none of them.
After some asking around on an external IRC channel, I settled on
sudo.ws as probably correct.
Second problem:
The thing is friggin' enormous. It's got dynamic loading and
plugins and a whole raft of crap that has no business anywhere near
a central part of a security system. It's drunk the
configure-script koolaid, which is a disaster I've ranted about
elsewhere. But this was for work, which historically doesn't care
about that sort of security issue, so I ignored all that.
Third problem:
I got it built and installed. I set up a rudimentary sudoers file
which you can still find in [target machine]'s /etc/sudoers as of
this writing; the only non-comment lines are
root ALL=(ALL) ALL
Defaults:root env_editor
%infs ALL=(ALL) ALL
visudo is happy with this. But when I run sudo itself, even as
root, I get
sudo: >>> /etc/sudoers: syntax error near line 1 <<<
Segmentation fault
I did some debugging and got nowhere. /etc/sudoers is parsed with
a lex-and-yacc parser; I added debugging at the stdio level and
found it reads the whole file, then at the tokenizer level and
found it errors after getting only one token (which is COMMENT).
At this point I decided to ask the list for help. So I sent mail
to sudo-workers-request%sudo.ws@localhost to subscribe.
Fourth problem:
The mail got stuck in [my] mailq saying "Connection reset by
sudo.ws.". A manual run of the mailq reveals that it seems to be
under the impression I'm a spam sender:
sudo-workers-request%sudo.ws@localhost... Connecting to sudo.ws. via
esmtp...
220 core.courtesan.com ESMTP spamd IP-based SPAM blocker; Tue Nov 1
16:27:35 2011
>>> EHLO Sparkle.Rodents-Montreal.ORG
250 Hello, spam sender. Pleased to be wasting your time.
>>> MAIL From:<mouse%Sparkle.Rodents-Montreal.ORG@localhost>
250 You are about to try to deliver spam. Your time will be spent, for
nothing.
>>> RCPT To:<sudo-workers-request%sudo.ws@localhost>
250 This is hurting you more than it is hurting me.
>>> DATA
451 Temporary failure, please try again later.
>>> QUIT
sudo-workers-request%sudo.ws@localhost... Deferred: Connection reset by
sudo.ws.
Closing connection to sudo.ws.
Now, I am - or at least was - listed by SORBS, because I refuse to
consider their abuse attempts anything but, well, abuse attempts.
And there are still a few places left that block based on SORBS.
So I tried from [that workplace's mailserver]:
[(hostname)] 1> telnet 64.85.164.38 smtp
Trying 64.85.164.38...
Connected to courtesan.com.
Escape character is '^]'.
220 core.courtesan.com ESMTP spamd IP-based SPAM blocker; Tue Nov 1
16:33:00 2011
helo (mailserver's FQDN)
250 Hello, spam sender. Pleased to be wasting your time.
I didn't bother going any further, since it seems to be of the
opinion that [that mailserver] is a spam source too [...].
At this point, I am inclined to throw sudo out completely. It has
failed catastrophically at design, at implementation, and at
support.
[...]
(I failed to think of and thus neglected to mention "distribution"
among the things sudo failed at.)
/~\ The ASCII Mouse
\ / Ribbon Campaign
X Against HTML mouse%rodents-montreal.org@localhost
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
Home |
Main Index |
Thread Index |
Old Index