Bug#570737: checked

The update has come through Debian Lenny, and sudoedit now works as expected (sudo version 1.6.9p17). Thanks for the fix. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#570737: sudoedit permission in sudoers grants permission to any sudoedit executables

Todd Miller has patched this in the upstream version (released as 1.7.2p4) patch to 1.6 set http://sudo.ws/repos/sudo/rev/f86e1b56d074 patch to 1.7 set http://sudo.ws/repos/sudo/rev/88f3181692fe -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of

Bug#570737: sudoedit permission in sudoers grants permission to any sudoedit executables

Package: sudo Version: 1.6.9p17-2 Severity: grave Tags: security Justification: user security hole My understanding is that permission to sudoedit is granted by a line in the sudoer file like this: user1 ALL = sudoedit /etc/network/interfaces This works as expected (because the string