[sudo-commits] sudo changeset 12939:593ce9fdf5dd
Todd C. Miller
Todd.Miller at sudo.ws
Tue Feb 9 13:53:16 MST 2021
changeset: 12939:593ce9fdf5dd in /raid/repos/sudo
details: https://www.sudo.ws/repos/sudo/rev/593ce9fdf5dd
user: Todd C. Miller <Todd.Miller at sudo.ws>
date: Wed Jan 06 10:16:00 2021 -0700
Log Message:
Add security checks before using temp files for SELinux RBAC sudoedit.
Otherwise, it may be possible for the user running sudoedit to
replace the newly-created temporary files with a symbolic link and
have sudoedit set the owner of an arbitrary file.
Problem reported by Matthias Gerstner of SUSE.
diffstat:
src/copy_file.c | 69 ++++++++++++++++++++++++++----------
src/sesh.c | 27 +++++++++-----
src/sudo_edit.c | 104 ++++++++++++++++++++++++++++++++++++-------------------
src/sudo_exec.h | 4 +-
4 files changed, 137 insertions(+), 67 deletions(-)
More information about the sudo-commits
mailing list