[sudo-commits] sudo changeset 12800:8fcb36ef422a

Todd C. Miller Todd.Miller at sudo.ws
Mon Jan 11 05:32:12 MST 2021

changeset:	12800:8fcb36ef422a in /raid/repos/sudo
details:	https://www.sudo.ws/repos/sudo/rev/8fcb36ef422a
user:		Todd C. Miller <Todd.Miller at sudo.ws>
date:		Wed Jan 06 10:16:00 2021 -0700

Log Message:
	Add security checks before using temp files for SELinux RBAC sudoedit.
	Otherwise, it may be possible for the user running sudoedit to
	replace the newly-created temporary files with a symbolic link and
	have sudoedit set the owner of an arbitrary file.
	Problem reported by Matthias Gerstner of SUSE.


 src/copy_file.c |   35 ++++++++++++++++++-
 src/sesh.c      |   27 +++++++++-----
 src/sudo_edit.c |  104 ++++++++++++++++++++++++++++++++++++-------------------
 src/sudo_exec.h |    4 +-
 4 files changed, 121 insertions(+), 49 deletions(-)

More information about the sudo-commits mailing list