Re: Bug is sudo?

[imp () VILLAGE ORG (Warner Losh)]

In message <Pine.LNX.3.96.980626031539.9457A-100000 () is-so elite nu> Rhodie writes:
: I was messing arround with sudo when i found out that you can check to see
: if there is a file that can be exec'd by root, even if you don't have the
: privlages. IE: You can check to see if there is a program, in the root
: path, that you can't see (maybe can and its just easyer to do it this
: way).

Not quite.  Sudo uses the current value of $PATH to determine where to
run a program or not.  Root's "path" isn't even consulted.

: So? you say, well, you can check to see if there is something to play with
: that root has hidden....

You can use this to find out if there are files of a given name in
directories that you cannot otherwise ls.  You still cannot actually
execute them, and if you guess right, mail goes to root.

So this isn't a huge deal, but it is a leak in information.

BTW, did you send this to the sudo list before broadcasting it to
bugtraq to give Todd Miller a change to fix it or at least reply to
you?  He's very good about investigating potential problems with sudo
and something like this I'd imagine he'd be keen on fixing ASAP.

Warner