Re: hole in sudo for MP-RAS.

From: Todd C. Miller (Todd.Millerat_private)
Date: Mon Jan 12 1998 - 20:02:51 PST


    The real problem is that there is an assumption in the path
    matching code that things will start with '/' but they can
    also, of course, start with '.'.  Here's the "official" patch
    if you will...
    
     - todd
    
    --- parse.c     1996/11/14 02:37:16     1.76
    +++ parse.c     1998/01/13 03:59:35
    @@ -218,7 +218,7 @@
         static char *c;
    
         /* don't bother with pseudo commands like "validate" */
    -    if (*cmnd != '/')
    +    if (*cmnd != '/' && *cmnd != '.')
            return(FALSE);
    
         /* only need to stat cmnd once since it never changes */
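
Review bot: The new condition `*cmnd != '/' && *cmnd != '.'` looks only at the first character, so any command string that begins with a dot is now treated as a path, not just `./name` or `../name`. Consider also requiring that the character after the dot (or after `..`) is `/`. Alternatively, resolve cmnd to a fully qualified path before this check, so that the matching code only ever sees one form. The comment above the test still mentions only pseudo commands like "validate" and should say that relative paths are accepted here. From the visible lines it is not possible to tell whether the stat and comparison that follow this check handle a relative cmnd the same way as an absolute one, so that is worth confirming before this is committed.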
    


