[sudo-users] security bug -- sudo undefines functions in environment
Tim Bradshaw
tfb at tfeb.org
Thu Sep 25 14:47:48 MDT 2014
I have been worrying about this: it does seem to me that, so long as the function-stripping thing works and env_reset (or equivalent) is set, things are probably not worse than they were already, which is clearly quite bad enough. Does anyone have any other news about this? (with regards to sudo specifically, I mean, not bash, and probably other Unix shells, in general, which is a security catastrophe we've all been ignoring for far too long I think).
--tim
On 25 Sep 2014, at 16:46, Shawn McMahon <syberghost at gmail.com> wrote:
> So, good thing sudo does this; otherwise Shellshock would be a worse
> disaster than it already is.
>
> Ten years ahead of your time, Todd. Thanks!
> ____________________________________________________________
> sudo-users mailing list <sudo-users at sudo.ws>
> For list information, options, or to unsubscribe, visit:
> http://www.sudo.ws/mailman/listinfo/sudo-users
More information about the sudo-users
mailing list