From: Michael Shigorin <mike@osdn.org.ua>
To: community@lists.altlinux.org
Subject: [Comm] Fwd: Re: [devel] Hole in sudo
Date: Sun, 13 Nov 2005 19:48:37 +0200
Message-ID: <20051113174837.GQ16364@osdn.org.ua>
FYI
----- Forwarded message from "Dmitry V. Levin" <ldv/altlinux.org> -----
Date: Sat, 12 Nov 2005 16:19:51 +0300
From: "Dmitry V. Levin" <ldv/altlinux.org>
To: ALT Devel discussion list <devel/lists.altlinux.org>
Subject: Re: [devel] Hole in sudo
On Sat, Nov 12, 2005 at 10:40:14PM +1200, Alexey Borovskoy wrote:
> Good evening.
>
> This arrived today.
>
> http://www.security.nnov.ru/Hdocument190.html
> http://www.security.nnov.ru/Kdocument36.html
> http://www.security.nnov.ru/Kdocument204.html
>
> Vulnerable: sudo up to version 1.6.8p12.
A prohibitive policy (enumerating forbidden variables) is fundamentally
flawed.
I strongly recommend using env_reset+env_keep.
In the next sudo build (if I get to it) I plan to enable
env_reset by default.
I do not plan to release updates that add to the built-in list of forbidden
variables.
--
ldv
----- End forwarded message -----
--
---- WBR, Michael Shigorin <mike@altlinux.ru>
------ Linux.Kiev http://www.linux.kiev.ua/
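
The argument in the forwarded message, modelled as an added example (not sudo's code and not part of the original thread): a denylist passes every variable its maintainer has not yet heard of, while reset-plus-keep passes only what is named. The variable lists, `RESET_DEFAULTS` and `NEWLANG_MODULE_PATH` are constructed for illustration.

```python
"""Model of two environment-sanitising policies (illustration only, not sudo's code)."""

# Constructed denylist: variables a maintainer knew about at release time.
DENYLIST = {"LD_PRELOAD", "LD_LIBRARY_PATH", "IFS"}

# Constructed allowlist, playing the role of env_keep.
KEEP = {"TERM", "LANG", "DISPLAY"}

# Fixed values installed after a reset (assumed defaults for this model).
RESET_DEFAULTS = {"PATH": "/usr/sbin:/usr/bin:/sbin:/bin"}


def sanitize_denylist(env):
    """Prohibitive policy: pass everything except names in DENYLIST."""
    return {k: v for k, v in env.items() if k not in DENYLIST}


def sanitize_reset_keep(env):
    """env_reset+env_keep style: start from defaults, copy only names in KEEP."""
    clean = dict(RESET_DEFAULTS)
    clean.update({k: v for k, v in env.items() if k in KEEP})
    return clean


def leaked(before, after):
    """Names whose caller-supplied value reaches the privileged command unchanged."""
    return sorted(k for k in before if after.get(k) == before[k])


# Constructed caller environment. NEWLANG_MODULE_PATH is hypothetical: it stands
# for any interpreter search-path variable invented after the denylist was written.
CALLER_ENV = {
    "TERM": "xterm",
    "LANG": "ru_RU.KOI8-R",
    "PATH": "/home/user/bin:/usr/bin",
    "LD_PRELOAD": "/tmp/x.so",
    "NEWLANG_MODULE_PATH": "/home/user/mods",
}

if __name__ == "__main__":
    print("denylist   :", leaked(CALLER_ENV, sanitize_denylist(CALLER_ENV)))
    print("reset+keep :", leaked(CALLER_ENV, sanitize_reset_keep(CALLER_ENV)))
```

Under the denylist the caller's `PATH` and the unknown variable both survive; closing that gap means shipping a new list for every newly discovered variable, which is the update treadmill the message declines to run.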