[sudo-commits] sudo changeset 10980:b5460cbbb11b

Todd C. Miller Todd.Miller at courtesan.com
Tue May 30 09:13:23 MDT 2017

changeset:	10980:b5460cbbb11b in /raid/repos/sudo
details:	https://www.sudo.ws/repos/sudo/rev/b5460cbbb11b
user:		Todd C. Miller <Todd.Miller at courtesan.com>
date:		Mon May 29 14:32:53 2017 -0600

Log Message:
	Fix for CVE-2017-1000367, parsing of /proc/pid/stat on Linux when
	the process name contains spaces.  Since the user has control over
	the command name this could be used by a user with sudo access to
	overwrite an arbitrary file.
	Thanks to Qualys for investigating and reporting this bug.

	Also stop performing a breadth-first traversal of /dev when looking
	for the device.  Only the directories specified in search_devs[]
	are checked.


 src/ttyname.c |  141 ++++++++++++++++++++++++---------------------------------
 1 files changed, 60 insertions(+), 81 deletions(-)

More information about the sudo-commits mailing list