[sudo-commits] sudo changeset 10977:d5dd22356194

Todd C. Miller Todd.Miller at courtesan.com
Tue May 30 09:08:56 MDT 2017


changeset:	10977:d5dd22356194 in /raid/repos/sudo
details:	https://www.sudo.ws/repos/sudo/rev/d5dd22356194
user:		Todd C. Miller <Todd.Miller at courtesan.com>
date:		Mon May 29 14:32:53 2017 -0600

Log Message:
	Fix for CVE-2017-1000367, parsing of /proc/pid/stat on Linux when
	the process name contains spaces.  Since the user has control over
	the command name this could be used by a user with sudo access to
	overwrite an arbitrary file.
	Thanks to Qualys for investigating and reporting this bug.

	Also stop performing a breadth-first traversal of /dev when looking
	for the device.  Only the directories specified in search_devs[]
	are checked.

diffstat:

 src/ttyname.c |  141 ++++++++++++++++++++++++---------------------------------
 1 files changed, 60 insertions(+), 81 deletions(-)
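
An added illustration of the parsing problem the log message describes; it is not sudo's code and is not taken from this changeset. It assumes the proc(5) layout, where field 2 of /proc/pid/stat is "(comm)" and field 7 is the tty device number. The function names and sample lines are constructed for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed samples: tty_nr 34816 is major 136, minor 0 (/dev/pts/0). */
const char *SAMPLE_PLAIN  = "4242 (bash) S 4000 4242 4000 34816 4242 4194304";
const char *SAMPLE_SPACES = "4242 (a 1 2 3 4 777) S 4000 4242 4000 34816 4242 4194304";

/* Parse the decimal number at p; -1 if p does not start with a number. */
static long parse_num(const char *p)
{
    char *end;
    long v = strtol(p, &end, 10);
    return end == p ? -1 : v;
}

/* Fragile: treats every space as a field separator, so spaces inside the
 * user-controlled command name shift all later fields. */
long stat_field_naive(const char *buf, int n)
{
    const char *p = buf;
    for (int i = 1; i < n && p != NULL; i++) {
        p = strchr(p, ' ');
        if (p != NULL) p++;
    }
    return p ? parse_num(p) : -1;
}

/* Hardened: fields after comm are numbers or a single state letter and never
 * contain ')', so counting from the LAST ')' skips whatever comm holds.
 * Valid for n >= 3. Pass the whole file contents, not one line of it,
 * because comm may also contain newlines. */
long stat_field_safe(const char *buf, int n)
{
    const char *p = strrchr(buf, ')');
    if (p == NULL || n < 3) return -1;
    p++;                                  /* at the space before field 3 */
    for (int i = 3; i <= n && p != NULL; i++) {
        p = strchr(p, ' ');
        if (p != NULL) p++;
    }
    return p ? parse_num(p) : -1;
}

int main(void)
{
    printf("naive: %ld  safe: %ld\n", stat_field_naive(SAMPLE_SPACES, 7),
           stat_field_safe(SAMPLE_SPACES, 7));
    return 0;
}
```

With the second sample the naive parser returns a number taken from inside the command name, while the hardened one returns the real tty device number.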

