Your message dated Tue, 02 Mar 2010 21:46:45 +0000 with message-id <e1nmzvr-0007uy...@ries.debian.org> and subject line Bug#570737: fixed in sudo 1.7.2p1-1.2 has caused the Debian Bug report #570737, regarding sudoedit permission in sudoers grants permission to any sudoedit executables to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 570737: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=570737 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: sudo Version: 1.6.9p17-2 Severity: grave Tags: security Justification: user security hole My understanding is that permission to sudoedit is granted by a line in the sudoer file like this: user1 ALL = sudoedit /etc/network/interfaces This works as expected (because the string sudoedit is a special case), eg us...@host1:~$ sudoedit /etc/network/interfaces However, it also appears to grant access to sudo any executable called 'sudoedit' (if the appropriate parameters are passed in). For example, a user executable in the home directory called sudoedit: #!/bin/sh whoami can be invoked (and reports 'root') using us...@host1:~$ sudo ./sudoedit /etc/network/interfaces I had expected (because sudoedit is a special case string) that it should not match anything apart from invoking /usr/bin/sudoedit. This problem was encountered with build 1.6.9p17 of sudo on a Debian Lenny system. The issue was pointed out by 'slouching' on linuxquestions.org. He also reported that this problem did not occur on an earlier version sudo-1.6.8p12-12.el5. -- System Information: Debian Release: 5.0.4 APT prefers stable APT policy: (990, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.30-bpo.1-686 (SMP w/1 CPU core) Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C) Shell: /bin/sh linked to /bin/bash Versions of packages sudo depends on: ii libc6 2.7-18lenny2 GNU C Library: Shared libraries ii libpam-modules 1.0.1-5+lenny1 Pluggable Authentication Modules f ii libpam0g 1.0.1-5+lenny1 Pluggable Authentication Modules l sudo recommends no packages. sudo suggests no packages. -- no debconf information
--- End Message ---
--- Begin Message ---Source: sudo Source-Version: 1.7.2p1-1.2 We believe that the bug you reported is fixed in the latest version of sudo, which is due to be installed in the Debian FTP archive: sudo-ldap_1.7.2p1-1.2_i386.deb to main/s/sudo/sudo-ldap_1.7.2p1-1.2_i386.deb sudo_1.7.2p1-1.2.diff.gz to main/s/sudo/sudo_1.7.2p1-1.2.diff.gz sudo_1.7.2p1-1.2.dsc to main/s/sudo/sudo_1.7.2p1-1.2.dsc sudo_1.7.2p1-1.2_i386.deb to main/s/sudo/sudo_1.7.2p1-1.2_i386.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 570...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Giuseppe Iuculano <iucul...@debian.org> (supplier of updated sudo package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Tue, 02 Mar 2010 14:57:17 +0100 Source: sudo Binary: sudo sudo-ldap Architecture: source i386 Version: 1.7.2p1-1.2 Distribution: unstable Urgency: high Maintainer: Bdale Garbee <bd...@gag.com> Changed-By: Giuseppe Iuculano <iucul...@debian.org> Description: sudo - Provide limited super user privileges to specific users sudo-ldap - Provide limited super user privileges to specific users Closes: 570737 Changes: sudo (1.7.2p1-1.2) unstable; urgency=high . * Non-maintainer upload by the Security Team. * Fixed CVE-2010-0426: verify path for the 'sudoedit' pseudo-command (Closes: #570737) Checksums-Sha1: bef937b63ce375f08adca5745a511becd15fa954 1019 sudo_1.7.2p1-1.2.dsc 73bc550026087a946d7590a126336bb080ae6a3e 20929 sudo_1.7.2p1-1.2.diff.gz dbbb8984aee80d03705a95230cd12a9343569933 307152 sudo_1.7.2p1-1.2_i386.deb 6a434a17a914e30628c7eee3cfc8860ba1ef8b8e 331348 sudo-ldap_1.7.2p1-1.2_i386.deb Checksums-Sha256: 45731dc7b414befbf626c2071c18b9c725e6c429fc0fa41dd2e32cebd147037b 1019 sudo_1.7.2p1-1.2.dsc 6aae87ba4529f3e80e877b2859e484a09555bcd54dbf8b6d2ba415736524bdd5 20929 sudo_1.7.2p1-1.2.diff.gz 0654c02fe4ef66f1d7335693c22faa1388e07fb8a946e0c2ef6930f5d964a611 307152 sudo_1.7.2p1-1.2_i386.deb 730a83755e2c080919b702a21e5aac8eacc48d45a9c4a59f22f07ddae78f3c3b 331348 sudo-ldap_1.7.2p1-1.2_i386.deb Files: 8668204d997c4edab70ec115aa0ccecd 1019 admin optional sudo_1.7.2p1-1.2.dsc fa77830a7e7a23619fb56ab415f096bc 20929 admin optional sudo_1.7.2p1-1.2.diff.gz 5260ede46dd575d64cf388a51ed977db 307152 admin optional sudo_1.7.2p1-1.2_i386.deb 0967b64bb63c5ed3773a6274e7142031 331348 admin optional sudo-ldap_1.7.2p1-1.2_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAkuNa5UACgkQNxpp46476apv5gCdECC9xFkWRPq7gvJVI6xIN2/I fgMAnjnD4OZFrSchmwMKjq94ytAdkQri =NgEt -----END PGP SIGNATURE-----
--- End Message ---
