Re: hole in sudo for MP-RAS.

Todd C. Miller (Todd.Miller@COURTESAN.COM)
Mon, 12 Jan 1998 21:02:51 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: dsiebert@ICAEN.UIOWA.EDU: "Re: hole in sudo for MP-RAS."
Previous message: Cy Schubert - ITSD Open Systems Group: "Re: hole in sudo for MP-RAS."
Maybe in reply to: osiris@COURIER.CB.LUCENT.COM: "hole in sudo for MP-RAS."
Next in thread: dsiebert@ICAEN.UIOWA.EDU: "Re: hole in sudo for MP-RAS."

The real problem is that there is an assumption in the path
matching code that things will start with '/' but they can
also, of course, start with '.'. Here's the "official" patch
if you will...

- todd

--- parse.c 1996/11/14 02:37:16 1.76
+++ parse.c 1998/01/13 03:59:35
@@ -218,7 +218,7 @@
static char *c;

/* don't bother with pseudo commands like "validate" */
- if (*cmnd != '/')
+ if (*cmnd != '/' && *cmnd != '.')
return(FALSE);

/* only need to stat cmnd once since it never changes */

Next message: dsiebert@ICAEN.UIOWA.EDU: "Re: hole in sudo for MP-RAS."
Previous message: Cy Schubert - ITSD Open Systems Group: "Re: hole in sudo for MP-RAS."
Maybe in reply to: osiris@COURIER.CB.LUCENT.COM: "hole in sudo for MP-RAS."
Next in thread: dsiebert@ICAEN.UIOWA.EDU: "Re: hole in sudo for MP-RAS."