On Fri, 2015-12-25 at 03:09 +0000, Ben Hutchings wrote:
> On Fri, 2015-12-25 at 02:53 +0000, Ben Hutchings wrote:
> > Control: reopen -1
> >
> > On Thu, 24 Dec 2015 05:19:31 +0000 Bdale Garbee <bd...@gag.com> wrote:
> > > Source: sudo
> > > Source-Version: 1.8.15-1
> > >
> > > We believe that the bug you reported is fixed in the latest version of
> > > sudo, which is due to be installed in the Debian FTP archive.
> > [...]
> >
> > As Raphael already explained, the upstream change doesn't fix this.
>
> It *does* add a new configuration option, sudoedit_checkdir, which if
> enabled will defeat this attack. However, the upstream default is that
> it's disabled. Perhaps this should be changed in the Debian package?

Actually, that option doesn't work either.

Ben.

-- 
Ben Hutchings
All extremists should be taken out and shot.