[sudo-users] security bug -- sudo undefines functions in environment

Tim Bradshaw tfb at tfeb.org
Thu Sep 25 14:47:48 MDT 2014


I have been worrying about this: it does seem to me that, so long as the function-stripping thing works and env_reset (or equivalent) is set, things are probably not worse than they were already, which is clearly quite bad enough.  Does anyone have any other news about this? (with regards to sudo specifically, I mean, not bash, and probably other Unix shells, in general, which is a security catastrophe we've all been ignoring for far too long I think).

--tim


On 25 Sep 2014, at 16:46, Shawn McMahon <syberghost at gmail.com> wrote:

> So, good thing sudo does this; otherwise Shellshock would be a worse
> disaster than it already is.
> 
> Ten years ahead of your time, Todd. Thanks!
> ____________________________________________________________
> sudo-users mailing list <sudo-users at sudo.ws>
> For list information, options, or to unsubscribe, visit:
> http://www.sudo.ws/mailman/listinfo/sudo-users




More information about the sudo-users mailing list