[sudo-users] Rating a Security alert - problem with negated entries.

highc at stny.rr.com
Tue May 4 17:44:16 EDT 2010


Sudo team;
   Please advise if I should post this concern to a different thread.

   The company I work for takes the security alerts listed at 
http://www.sudo.ws/sudo/security.html
very seriously, which is good.  The unfortunate side effect is that any 
bug fix which is not listed there is deemed to be 'functional' only.

   The bug:
2009-11-23 10:56  millert
         * match.c: cmnd_matches() already deals with negation so
	_cmndlist_matches() does not need to do so itself.  Fixes a bug
	with negated entries in a Cmnd_List.
which I believe was fixed in 1.7.2p2,

is causing some potential security breaches in my environment, and I'm 
having a hard time getting the 'right' sort of attention.  Would it be 
possible to have this item listed on the above web page as a security 
alert?

In general, we find folks can do some fairly 'awesome' things which the 
system administrators had previously locked down with some '!'ed sudoers 
entries.

Thanks for your consideration.
   Chris



-- 
Support anti-Spam legislation.
Join the fight http://www.cauce.org/
