/etc/sudoers can be destroyed
Bug #74553 reported by
Rich Johnson
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| smb4k (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
| Edgy |
Won't Fix
|
Low
|
Unassigned | ||
Bug Description
Binary package hint: smb4k
smb4k has a bug in the 0.7 releases that allows the application to change the /etc/sudoers file.
Upstream Bug:
http://
Package in Debian includes:
* New upstream release
This version fixes a grave security bug present in all 0.7 versions with
sudoers file management.
Debian changelog:
http://
Revision history for this message
| Rich Johnson (nixternal) wrote | #1 |
Revision history for this message
| Kees Cook (kees) wrote | #2 |
Revision history for this message
| Rich Johnson (nixternal) wrote | #3 |
Revision history for this message
| Kees Cook (kees) wrote | #4 |
| Changed in smb4k: | |
| importance: | Undecided → Low |
| status: | Unconfirmed → Confirmed |
Revision history for this message
| Kees Cook (kees) wrote | #5 |
| Changed in smb4k: | |
| importance: | Undecided → Low |
| status: | Unconfirmed → Confirmed |
| importance: | Low → Undecided |
| status: | Confirmed → Rejected |
Revision history for this message
| William Grant (wgrant) wrote | #6 |
| Changed in smb4k: | |
| status: | Confirmed → Won't Fix |
To post a comment you must log in.
Thanks for putting this together!
This debdiff looks like a full diff between 0.7.1 and 0.7.5. For doing security updates, we only do minimal security patches, which should be limited to the specific problem with version 0.7.1. If you can extract, backport to 0.7.1, build, and test the fixes, then we can go from that debdiff. Since edgy is stable, we can't be doing large code changes to it, unfortunately. :(
Would you be able to isolate the specific patch that fixes the problem and give it some testing?