Date: Mon, 06 Nov 2023 10:59:06 -0700 From: "Todd C. Miller" <Todd.Miller@...o.ws> To: oss-security@...ts.openwall.com Subject: Re: Session File Relative Path Traversal in sudo-rs On Mon, 06 Nov 2023 16:53:27 +0100, Jakub Wilk wrote: > The original sudo implementation is affected too: > https://github.com/sudo-project/sudo/commit/7363ad7b3230b7b0 > > https://ferrous-systems.com/blog/sudo-rs-audit/ says it's "a lower > security severity due to [sudo's] use of the openat function", but I > can't see how openat() would help. That is correct, openat() does not prevent opening a relative (or absolute) pathname. Sudo 1.9.15, released today, includes the commit you reference above. I consider this to be very low impact as it requires the ability to create a user with a name that would be treated as an absolute or relative pathname. - todd
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.