[sudo-commits] sudo changeset 11898:7207f993d347

Todd C. Miller Todd.Miller at sudo.ws
Sun Nov 3 06:50:21 MST 2019


changeset:	11898:7207f993d347 in /raid/repos/sudo
details:	https://www.sudo.ws/repos/sudo/rev/7207f993d347
user:		Todd C. Miller <Todd.Miller at sudo.ws>
date:		Sat Nov 02 10:51:49 2019 -0600

Log Message:
	Call closefrom() before we change to a non-root UID.
	This prevents another process from changing the NOFILE resource limit
	of the child process and defeating the closefrom() call.
	Reported by Joe Vennix from Apple Information Security.

diffstat:

 src/exec.c     |  48 ++++++++++++++++++++++++++++++------------------
 src/tgetpass.c |   3 ++-
 2 files changed, 32 insertions(+), 19 deletions(-)


More information about the sudo-commits mailing list