[sudo-workers] Possible vulnerability?

Archaic archaic at linuxfromscratch.org
Tue Oct 25 19:33:35 EDT 2005

Debian is reporting unsafe passage of SHELLOPTS and PS4. I did not find
any info in the wev CVS, nor your other lists. After removing all the
debian-specific stuff, here's the patch:

diff -Naur sudo-1.6.8p9.orig/env.c sudo-1.6.8p9/env.c
--- sudo-1.6.8p9.orig/env.c     2005-02-06 15:37:01.000000000 +0000
+++ sudo-1.6.8p9/env.c  2005-10-25 22:55:45.000000000 +0000
@@ -89,6 +89,8 @@
 static const char *initial_badenv_table[] = {
+    "PS4",

Please advise as to your position on 1) the vulnerability, and 2) the
proposed fix.



Want control, education, and security from your operating system?
Hardened Linux From Scratch

More information about the sudo-workers mailing list