[sudo-workers] LDAP issue
Eric Haszlakiewicz
erh+sudo at nimenees.com
Tue Jan 22 16:52:25 EST 2008
On Tue, Jan 22, 2008 at 02:49:37PM -0500, Newman, Edward (GTI) wrote:
> Been trying out 1.7b1 and had issue with LDAP. Appears that
> /etc/ldap.conf is default to "'/etc/ldap.conf'" (note double quotes
> around single quotes). This causes ldap.conf to be not found. Please
> remove single quotes from pathnames.h.
>
hmm... does that mean that it actually ends up trying to open ./'/ldap.conf'
from whatever directory you happen to run it from? Does being able to specify
your own ldap config file lead to a security breach? If so, has this been
present long enough to warrant a security advisory?
eric
More information about the sudo-workers
mailing list