[sudo-workers] Possible vulnerability?
Archaic
archaic at linuxfromscratch.org
Tue Oct 25 19:33:35 EDT 2005
Debian is reporting unsafe passage of SHELLOPTS and PS4. I did not find
any info in the web CVS, nor your other lists. After removing all the
Debian-specific stuff, here's the patch:
diff -Naur sudo-1.6.8p9.orig/env.c sudo-1.6.8p9/env.c
--- sudo-1.6.8p9.orig/env.c 2005-02-06 15:37:01.000000000 +0000
+++ sudo-1.6.8p9/env.c 2005-10-25 22:55:45.000000000 +0000
@@ -89,6 +89,8 @@
static const char *initial_badenv_table[] = {
"IFS",
"CDPATH",
+ "SHELLOPTS",
+ "PS4",
"LOCALDOMAIN",
"RES_OPTIONS",
"HOSTALIASES",
Please advise as to your position on 1) the vulnerability, and 2) the
proposed fix.
Thanks!
--
Archaic
Want control, education, and security from your operating system?
Hardened Linux From Scratch
http://www.linuxfromscratch.org/hlfs