[sudo-workers] Possible vulnerability?

Todd C. Miller Todd.Miller at courtesan.com
Wed Oct 26 20:13:29 EDT 2005

In message <20051025233335.GE12787 at linuxfromscratch.org>
	so spake Archaic (archaic):

> Debian is reporting unsafe passage of SHELLOPTS and PS4. I did not find
> any info in the wev CVS, nor your other lists. After removing all the
> debian-specific stuff, here's the patch:

Yes, I saw that go over bugtraq.  The patch looks OK though you don't
need to rebuild sudo, a line like:

    Defaults	env_delete+="PS4 SHELLOPTS"

at the top of sudoers would do it.  I'll have an official patch out

 - todd

More information about the sudo-workers mailing list