[sudo-workers] LDAP secret issue
Barron, Danny
danny.barron at eds.com
Tue Apr 22 16:03:28 EDT 2008
In order to keep sudoer information private, I've given users no read
ability, but rather attempted to use rootbinddn and /etc/ldap.secret to
enable sudo to use a privileged account that can read ldap sudo
entries. From my testing, the sudo_ldap_read_secret function doesn't
work as it should. The line that reads:
    if ((cp = strchr(buf, '\n')) != NULL)
actually doesn't end up copying the first carriage return delimited
string from /etc/ldap.secret, it ends up pointed to the carriage return,
I believe. Perhaps a call to strtok might be more appropriate? Ideas?
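
Added example, not sudo's code and not part of the original message: in C, `strchr(buf, '\n')` returns a pointer to the newline character itself, so the first line of the file is obtained by writing a NUL at that pointer and then using `buf`. The function name `read_secret_line`, the 256-byte buffer and the file-mode check are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L   /* for fileno() and fstat() */
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/*
 * Copy the first line of `path` into out (NUL-terminated, line ending
 * removed). Returns 0 on success, -1 on error: file cannot be opened,
 * file is accessible to group/other, first line is empty, or the line
 * does not fit. Name and return convention are hypothetical.
 */
int read_secret_line(const char *path, char *out, size_t outlen)
{
    char buf[256];
    struct stat sb;
    size_t len;
    char *nl;
    FILE *fp;
    int rc = -1;

    if (outlen == 0 || (fp = fopen(path, "r")) == NULL)
        return -1;
    /* Check the open descriptor rather than the path, to avoid a race. */
    if (fstat(fileno(fp), &sb) != 0 || (sb.st_mode & (S_IRWXG | S_IRWXO)) != 0)
        goto done;
    if (fgets(buf, sizeof(buf), fp) == NULL)
        goto done;
    /* strchr() points at the '\n' itself, or is NULL if there is none. */
    nl = strchr(buf, '\n');
    if (nl != NULL)
        *nl = '\0';              /* buf now ends where the first line ends */
    else if (!feof(fp))
        goto done;               /* no newline, not EOF: line exceeds buf */
    /* Drop a trailing '\r' left by a CRLF-terminated file. */
    len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\r')
        buf[--len] = '\0';
    if (len == 0 || len >= outlen)
        goto done;
    memcpy(out, buf, len + 1);   /* include the terminating NUL */
    rc = 0;
done:
    fclose(fp);
    return rc;
}
```
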