[sudo-commits] sudo changeset 10980:b5460cbbb11b
Todd C. Miller
Todd.Miller at courtesan.com
Tue May 30 09:13:23 MDT 2017
changeset: 10980:b5460cbbb11b in /raid/repos/sudo
details: https://www.sudo.ws/repos/sudo/rev/b5460cbbb11b
user: Todd C. Miller <Todd.Miller at courtesan.com>
date: Mon May 29 14:32:53 2017 -0600
Log Message:
Fix for CVE-2017-1000367, parsing of /proc/pid/stat on Linux when
the process name contains spaces. Since the user has control over
the command name this could be used by a user with sudo access to
overwrite an arbitrary file.
Thanks to Qualys for investigating and reporting this bug.
Also stop performing a breadth-first traversal of /dev when looking
for the device. Only the directories specified in search_devs[]
are checked.
diffstat:
src/ttyname.c | 141 ++++++++++++++++++++++++---------------------------------
1 files changed, 60 insertions(+), 81 deletions(-)
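The parsing problem named in the log message, as an added example (not code from this changeset or from sudo): reading tty_nr, field 7 of /proc/pid/stat, by counting spaces from the start of the line versus anchoring on the last ')' that closes the command name. The function names and sample lines are constructed for illustration.

```c
/* Added example, not sudo's code: extract tty_nr (field 7) from /proc/<pid>/stat. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed samples; field 2 is "(comm)" and comm is chosen by the user. */
static const char SAMPLE_PLAIN[]  = "1234 (bash) S 100 1234 1234 34816 1234 4194304";
static const char SAMPLE_SPACES[] = "1234 (a b c d e 99) S 100 1234 1234 34816 1234 4194304";
static const char SAMPLE_PAREN[]  = "1234 (x) y z) S 100 1234 1234 34816 1234 4194304";

/* Fragile: counts spaces from the start, so spaces in comm shift every field. */
static long tty_nr_naive(const char *stat)
{
    int field = 1;
    for (const char *p = stat; *p != '\0'; p++)
        if (*p == ' ' && ++field == 7)
            return strtol(p + 1, NULL, 10);
    return -1;
}

/* Anchors on the last ')': the fields after comm never contain ')',
 * so nothing inside the command name can move the field positions. */
static long tty_nr_robust(const char *stat)
{
    const char *p = strrchr(stat, ')');
    char *end;
    long val;

    if (p == NULL)
        return -1;
    p++;
    for (int field = 3; field < 7; field++) {  /* skip state, ppid, pgrp, session */
        while (*p == ' ') p++;
        if (*p == '\0') return -1;              /* truncated input */
        while (*p != ' ' && *p != '\0') p++;
    }
    errno = 0;
    val = strtol(p, &end, 10);
    if (end == p || errno != 0 || (*end != ' ' && *end != '\0'))
        return -1;                              /* not a clean integer field */
    return val;
}

int main(void)
{
    const char *s[] = { SAMPLE_PLAIN, SAMPLE_SPACES, SAMPLE_PAREN };
    for (int i = 0; i < 3; i++)
        printf("naive=%ld robust=%ld\n", tty_nr_naive(s[i]), tty_nr_robust(s[i]));
    return 0;
}
```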