Package: sudo
Version: 1.8.27-1+deb10u1
Severity: important
Tags: patch upstream

Dear Maintainer,

Entries in sudoers files that include * do not behave like shell globs. When mistakenly used in the argument list it can expand to protected content, such as /etc/shadow. Most users do not expect this.

This patch adds regex style matching to sudoers to improve security and tighten the available input.

Patch available here:
<https://github.com/edneville/sudo/commit/a57e01ab75734016082b2e5e0a90cf5a20b5e047>

-- System Information:
Debian Release: 10.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-8-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND, TAINT_OOT_MODULE
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: SELinux: enabled - Mode: Permissive - Policy name: default

Versions of packages sudo depends on:
ii  libaudit1       1:2.8.4-3
ii  libc6           2.28-10
ii  libpam-modules  1.3.1-5
ii  libpam0g        1.3.1-5
ii  libselinux1     2.8-1+b1
ii  lsb-base        10.2019051400

sudo recommends no packages.

sudo suggests no packages.

-- Configuration Files:
/etc/sudoers [Errno 13] Permission denied: '/etc/sudoers'
/etc/sudoers.d/README [Errno 13] Permission denied: '/etc/sudoers.d/README'

-- no debconf information
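
Added example (not part of the original report and not code from the linked patch): sudo compares the space-joined argument string against the sudoers pattern with fnmatch(3) without FNM_PATHNAME, so * also matches / and spaces, which is the behaviour the report describes. The rule arguments, the invocations and the anchored regular expression are constructed for illustration; the regular expression is not the syntax the patch introduces.

```c
#include <fnmatch.h>
#include <regex.h>
#include <stdio.h>

/* sudoers semantics: the argument list is joined with spaces and matched
 * with fnmatch(3) and no FNM_PATHNAME, so '*' spans '/' and spaces. */
static int sudoers_args_match(const char *pattern, const char *joined_args)
{
    return fnmatch(pattern, joined_args, 0) == 0;
}

/* Approximation of what users expect from a shell glob: '*' stops at '/'. */
static int shell_like_match(const char *pattern, const char *joined_args)
{
    return fnmatch(pattern, joined_args, FNM_PATHNAME) == 0;
}

/* Anchored POSIX ERE, shown as one form of tighter matching
 * (hypothetical pattern, not the syntax of the linked patch). */
static int regex_match(const char *ere, const char *joined_args)
{
    regex_t re;
    int ok;
    if (regcomp(&re, ere, REG_EXTENDED | REG_NOSUB) != 0)
        return 0;                      /* fail closed on a bad pattern */
    ok = regexec(&re, joined_args, 0, NULL, 0) == 0;
    regfree(&re);
    return ok;
}

int main(void)
{
    /* Constructed rule arguments and constructed invocations. */
    const char *glob = "/var/log/*";
    /* First character may not be '.', so ".." is rejected as well. */
    const char *ere = "^/var/log/[A-Za-z0-9_-][A-Za-z0-9._-]*$";
    const char *tries[] = {
        "/var/log/syslog",
        "/var/log/../../etc/shadow",
        "/var/log/syslog /etc/shadow",
    };
    for (size_t i = 0; i < sizeof tries / sizeof tries[0]; i++)
        printf("%-30s sudoers=%d shell-like=%d regex=%d\n", tries[i],
               sudoers_args_match(glob, tries[i]),
               shell_like_match(glob, tries[i]),
               regex_match(ere, tries[i]));
    return 0;
}
```

When auditing existing rules, any * in the argument part of a sudoers entry should be checked against strings like the second and third rows.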