As I read http://www.securityfocus.com/bid/13171/discussion/ , which has
been assigned CVE id CAN-2005-1119, this is a security hole because
visodo is not limited to editing /etc/sudoers. With the -f switch, it
can be made to edit some other file; if that other file is in a
directory to which an attacker has write access, they can overwrite
arbitrary files via a symlink attack.
Still fairly theoretical, but I wanted to note that this is
CAN-2005-1119 ..
--=20
see shy jo
--0F1p//8PRICkK4MW
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
Message-ID: <email address hidden>
Date: Tue, 3 May 2005 22:52:41 -0400
From: Joey Hess <email address hidden>
To: <email address hidden>
Subject: CAN-2005-1119
--0F1p//8PRICkK4MW Disposition: inline Transfer- Encoding: quoted-printable
Content-Type: text/plain; charset=us-ascii
Content-
Content-
As I read http:// www.securityfoc us.com/ bid/13171/ discussion/ , which has
been assigned CVE id CAN-2005-1119, this is a security hole because
visodo is not limited to editing /etc/sudoers. With the -f switch, it
can be made to edit some other file; if that other file is in a
directory to which an attacker has write access, they can overwrite
arbitrary files via a symlink attack.
Still fairly theoretical, but I wanted to note that this is
CAN-2005-1119 ..
--=20
see shy jo
--0F1p//8PRICkK4MW pgp-signature; name="signature .asc" Description: Digital signature Disposition: inline
Content-Type: application/
Content-
Content-
-----BEGIN PGP SIGNATURE-----
HehbQuO8RAiBgAK CiubC4WTlJeuc0f MSZXJ1suW5EdgCf XIKQ E5mCept5pZmEdUo =
Version: GnuPG v1.4.0 (GNU/Linux)
iD8DBQFCeDj5d8H
YzIjM6k+
=p7vS
-----END PGP SIGNATURE-----
--0F1p/ /8PRICkK4MW- -