[sudo-commits] sudo changeset 12799:ea19d0073c02

Todd C. Miller Todd.Miller at sudo.ws
Mon Jan 11 05:32:11 MST 2021


changeset:	12799:ea19d0073c02 in /raid/repos/sudo
details:	https://www.sudo.ws/repos/sudo/rev/ea19d0073c02
user:		Todd C. Miller <Todd.Miller at sudo.ws>
date:		Wed Jan 06 10:16:00 2021 -0700

Log Message:
	Fix potential directory existing info leak in sudoedit.
	When creating a new file, sudoedit checks to make sure the parent
	directory exists so it can provide the user with a sensible error
	message.  However, this could be used to test for the existence of
	directories not normally accessible to the user by pointing to them
	with a symbolic link when the parent directory is controlled by the
	user.  Problem reported by Matthias Gerstner of SUSE.

diffstat:

 src/sudo_edit.c |  29 ++++++++++++++++++++++++-----
 1 files changed, 24 insertions(+), 5 deletions(-)



More information about the sudo-commits mailing list