[sudo-commits] sudo changeset 12800:8fcb36ef422a
Todd C. Miller
Todd.Miller at sudo.ws
Mon Jan 11 05:32:12 MST 2021
changeset: 12800:8fcb36ef422a in /raid/repos/sudo
details: https://www.sudo.ws/repos/sudo/rev/8fcb36ef422a
user: Todd C. Miller <Todd.Miller at sudo.ws>
date: Wed Jan 06 10:16:00 2021 -0700
Log Message:
Add security checks before using temp files for SELinux RBAC sudoedit.
Otherwise, it may be possible for the user running sudoedit to
replace the newly-created temporary files with a symbolic link and
have sudoedit set the owner of an arbitrary file.
Problem reported by Matthias Gerstner of SUSE.
diffstat:
src/copy_file.c | 35 ++++++++++++++++++-
src/sesh.c | 27 +++++++++-----
src/sudo_edit.c | 104 ++++++++++++++++++++++++++++++++++++-------------------
src/sudo_exec.h | 4 +-
4 files changed, 121 insertions(+), 49 deletions(-)
More information about the sudo-commits
mailing list