[sudo-workers] Possible vulnerability?
Todd C. Miller
Todd.Miller at courtesan.com
Wed Oct 26 20:13:29 EDT 2005
In message <20051025233335.GE12787 at linuxfromscratch.org>
so spake Archaic (archaic):
> Debian is reporting unsafe passage of SHELLOPTS and PS4. I did not find
> any info in the wev CVS, nor your other lists. After removing all the
> debian-specific stuff, here's the patch:
Yes, I saw that go over bugtraq. The patch looks OK though you don't
need to rebuild sudo, a line like:
Defaults env_delete+="PS4 SHELLOPTS"
at the top of sudoers would do it. I'll have an official patch out
soonish.
- todd
More information about the sudo-workers
mailing list