[sudo-commits] sudo changeset 14477:2ca90805f471
Todd C. Miller
Todd.Miller at sudo.ws
Wed Jan 18 08:07:44 MST 2023
changeset: 14477:2ca90805f471 in /raid/repos/sudo
details: https://www.sudo.ws/repos/sudo/rev/2ca90805f471
user: Todd C. Miller <Todd.Miller at sudo.ws>
date: Thu Jan 12 15:55:27 2023 -0700
Log Message:

sudoedit: do not permit editor arguments to include "--" (CVE-2023-22809)

We use "--" to separate the editor and arguments from the files to edit.
If the editor arguments include "--", sudo can be tricked into allowing
the user to edit a file not permitted by the security policy.

Thanks to Matthieu Barjole and Victor Cutillas of Synacktiv
(https://synacktiv.com) for finding this bug.
diffstat:
plugins/sudoers/editor.c | 19 ++++++++++++++-----
plugins/sudoers/sudoers.c | 25 ++++++++++++++++++-------
plugins/sudoers/visudo.c | 8 ++++++--
3 files changed, 38 insertions(+), 14 deletions(-)
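
The check described in the log message, sketched as an added example; this is not the code from this changeset or from sudo. The function names, `MAX_ARGS`, and the sample strings are hypothetical, and splitting on whitespace without quote handling is a simplifying assumption.

```c
#include <stdio.h>
#include <string.h>
#define MAX_ARGS 16

/* Split a user-supplied editor string (such as the value of EDITOR) in
 * place and build: editor [args...] -- file...
 * Returns the new argc, or -1 if the string must be rejected. */
int build_edit_argv(char *editor, char **files, int nfiles, char **argv)
{
    int argc = 0;
    char *p = editor;
    while (*(p += strspn(p, " \t")) != '\0') {
        char *tok = p;
        p += strcspn(p, " \t");
        if (*p != '\0')
            *p++ = '\0';
        /* "--" is reserved as the editor/file separator, so it must
         * never come from the user-controlled editor string. */
        if (strcmp(tok, "--") == 0 || argc + nfiles + 3 > MAX_ARGS)
            return -1;
        argv[argc++] = tok;
    }
    if (argc == 0)
        return -1;              /* empty editor string */
    argv[argc++] = "--";        /* the only separator, added here */
    for (int i = 0; i < nfiles; i++)
        argv[argc++] = files[i];
    argv[argc] = NULL;
    return argc;
}

/* What a later consumer sees as "files": everything after the first "--". */
int files_after_separator(char **argv, int argc)
{
    for (int i = 0; i < argc; i++)
        if (strcmp(argv[i], "--") == 0)
            return argc - i - 1;
    return 0;
}

int main(void)
{
    char ok[] = "vi -R", bad[] = "vi -- other.txt";  /* constructed inputs */
    char *files[] = { "notes.txt" }, *argv[MAX_ARGS];
    int argc = build_edit_argv(ok, files, 1, argv);
    printf("accepted: argc=%d, files=%d\n", argc, files_after_separator(argv, argc));
    printf("rejected: %d\n", build_edit_argv(bad, files, 1, argv));
    return 0;
}
```

Because the separator is only ever appended by the builder, the number of entries after the first "--" always equals the number of files that were checked against policy.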