Bugtraq mailing list archives
Re: hole in sudo for MP-RAS.
From: Todd.Miller () COURTESAN COM (Todd C. Miller)
Date: Mon, 12 Jan 1998 21:02:51 -0700
The real problem is that there is an assumption in the path
matching code that things will start with '/' but they can
also, of course, start with '.'. Here's the "official" patch
if you will...
- todd
--- parse.c 1996/11/14 02:37:16 1.76
+++ parse.c 1998/01/13 03:59:35
@@ -218,7 +218,7 @@
static char *c;
/* don't bother with pseudo commands like "validate" */
- if (*cmnd != '/')
+ if (*cmnd != '/' && *cmnd != '.')
return(FALSE);
/* only need to stat cmnd once since it never changes */
Current thread:
- Again: perl version of that tin opener (IOS decrypt.c), (continued)
- Again: perl version of that tin opener (IOS decrypt.c) Riku Meskanen (Jan 11)
- bug in Solaris 2.6 security logging Ruth Milner [VLA] (Jan 12)
- Buffer overflows in Deliver: get 2.1.13 Chip Salzenberg (Jan 12)
- [SIGNED] Buffer overflows in Deliver: get 2.1.13 Chip Salzenberg (Jan 12)
- KSR[T] Advisory #6: deliver KSR[T] (Jan 12)
- Re: KSR[T] Advisory #6: deliver Chip Salzenberg (Jan 12)
- hole in sudo for MP-RAS. osiris () COURIER CB LUCENT COM (Jan 12)
- Re: hole in sudo for MP-RAS. Cy Schubert - ITSD Open Systems Group (Jan 12)
- Re: hole in sudo for MP-RAS. Todd C. Miller (Jan 12)
- Re: hole in sudo for MP-RAS. Cy Schubert - ITSD Open Systems Group (Jan 12)
- Re: hole in sudo for MP-RAS. Todd C. Miller (Jan 12)
- Re: hole in sudo for MP-RAS. Todd C. Miller (Jan 13)
- Re: hole in sudo for MP-RAS. dsiebert () ICAEN UIOWA EDU (Jan 12)
- Re: hole in sudo for MP-RAS. Todd C. Miller (Jan 12)
- CPSN 9:971208: Solaris /var Permission Problems CPIO Advisory Role Account (Jan 12)