Closed kwitaszczyk closed 2 years ago
In multiuser mode, logged in via SSH as a non-root user, I see:
robert@cheri-blossom:~ % sudo echo hi
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
Password:
In-address space security exception
But, investigating, this appears to be a property of having my password field in /etc/master.passwd be “*”.
Further, I wonder if it might be a PAM issue rather than a sudo issue, as passwd(1) gives the following in the same situation:
robert@cheri-blossom:~ % passwd
Changing local password for robert
Old Password:
In-address space security exception
With a password set, no problem:
robert@cheri-blossom:~ % passwd
Changing local password for robert
Old Password:
New Password:
Retype New Password:
So I wonder if this is about “*” processing rather than about sudo, as well.
Tagging @brooksdavis, as probably we will want to file a CheriBSD issue.
With *
as root password, su
also fails:
kw543@morello7-dev:~ $ su
Password:
In-address space security exception
kw543@morello7-dev:~ $
Steps to debug:
su
and don't type in anything:
kw543@morello7-dev:~ $ su
Password:
continue
.su
.Program received signal SIGPROT, CHERI protection violation
Capability tag fault.
_rtld_tlsdesc_dynamic () at /local/scratch/jenkins/workspace/CheriBSD-pipeline_main/cheribsd/libexec/rtld-elf/aarch64/rtld_start.S:234
234 /local/scratch/jenkins/workspace/CheriBSD-pipeline_main/cheribsd/libexec/rtld-elf/aarch64/rtld_start.S: No such file or directory.
(gdb) disas /r 0x000000004014c0d0,+4
Dump of assembler code from 0x4014c0d0 to 0x4014c0d4:
=> 0x000000004014c0d0 <_rtld_tlsdesc_dynamic+8>: 40 00 40 c2 .inst 0xc2400040 ; undefined
End of assembler dump.
(gdb) shell /home/kw543/bin/disas 0xc2400040
0: 40 00 40 c2 ldr c0, [c2, #0]
(gdb) info register c0 c1 c2 c3 c4
c0 0xb05fc0003c0780040000000040cec990 0x40cec990 [rxRE,0x40cc0000-0x40cfe000]
c1 0xdc5d4000708070500000000040c87050 0x40c87050 [rwRW,0x40c87050-0x40c87080]
c2 0x4 0x4
c3 0xb05fc000bc0780040000000040cd911d 0x40cd911d <crypt_des+1> [rxRE,0x40cc0000-0x40cfe000] (sentry)
c4 0xdc5fc0001fa71fa00000000040978030 0x40978030 [rwRWE,0x408fd000-0x40afd000]
(gdb)
Probable fix at https://github.com/CTSRD-CHERI/cheribsd/pull/1429 (thanks to @jrtc27 for sleuthing)
Can someone confirm this is now fixed on dev
?
@bukinr reported that sudo crashes with a CHERI exception when trying to remount a read-only root file system:
After changing a root file system entry in fstab to
rw
, the issue is gone.