[sudo-commits] sudo changeset 12799:ea19d0073c02
Todd C. Miller
Todd.Miller at sudo.ws
Mon Jan 11 05:32:11 MST 2021
changeset: 12799:ea19d0073c02 in /raid/repos/sudo
details: https://www.sudo.ws/repos/sudo/rev/ea19d0073c02
user: Todd C. Miller <Todd.Miller at sudo.ws>
date: Wed Jan 06 10:16:00 2021 -0700
Log Message:
Fix potential directory existing info leak in sudoedit.
When creating a new file, sudoedit checks to make sure the parent
directory exists so it can provide the user with a sensible error
message. However, this could be used to test for the existence of
directories not normally accessible to the user by pointing to them
with a symbolic link when the parent directory is controlled by the
user. Problem reported by Matthias Gerstner of SUSE.
diffstat:
src/sudo_edit.c | 29 ++++++++++++++++++++++++-----
1 files changed, 24 insertions(+), 5 deletions(-)
More information about the sudo-commits
mailing list