Tue, 05 Feb 2002 22:22:02 -0500
> The security hole is in all versions < 1.6.4. Thus the powertools rpm
> is actually safe.
I had not been aware of a common powertools update repository.
I had been looking at
For more information on the sudo ChangeLog, please visit
By using the custom-rolled RPM, we are avoiding the following
Sudo 1.6.5 released.

467) Visudo could access memory that was already freed.
468) If the skey.access file denied use of plaintext passwords sudo
     would exit instead of allowing the user to enter an S/Key.

Sudo 1.6.5p1 released.

469) Older versions of BSDi have getifaddrs() but no freeifaddrs().
470) BSDi has a fake setreuid() as do certain versions of FreeBSD and
471) Ignore the return value of pam_setcred(). In Linux-PAM 0.75,
     pam_setcred() will return PAM_PERM_DENIED even if the setcred function
     of the module succeeds when pam_authenticate() has not been called.
472) Avoid giving PAM a NULL password response, use the empty string
     This avoids a log warning when the user hits ^C at the password prompt
     when Linux-PAM is in use. This also prevents older versions of
     Linux-PAM from dereferencing the NULL pointer.
473) The user's password was not zeroed after use when AIX
     BSD authentication, FWTK or PAM was in use.

Sudo 1.6.5p2 released.

474) Fixed compilation problem on HP-UX 9.x.
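
Entries 472 and 473 above, sketched as an added C example; this is not sudo's code and not part of the original message. The struct and function names are hypothetical stand-ins, chosen so the example builds without the PAM headers.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for PAM's response struct (assumption), so the
 * example builds without the PAM headers. */
struct demo_response {
    char *resp;
    int   resp_retcode;
};

/* Entry 472: never hand the library a NULL response. If the prompt was
 * interrupted (typed == NULL), answer with an empty string instead.
 * Returns 0 on success, -1 if allocation fails. */
int fill_response(struct demo_response *r, const char *typed)
{
    const char *src = typed ? typed : "";
    size_t len = strlen(src);

    r->resp_retcode = 0;
    r->resp = malloc(len + 1);
    if (r->resp == NULL)
        return -1;
    memcpy(r->resp, src, len + 1);
    return 0;
}

/* Entry 473: overwrite the password where it sits. The volatile pointer
 * keeps the compiler from dropping the stores as dead writes ahead of
 * free(). Returns the number of bytes wiped. */
size_t wipe_response(struct demo_response *r)
{
    size_t len = r->resp ? strlen(r->resp) : 0;
    volatile unsigned char *p = (volatile unsigned char *)r->resp;

    for (size_t i = 0; i < len; i++)
        p[i] = 0;
    return len;
}

/* Wipe first, then release, and leave no dangling pointer behind. */
void clear_response(struct demo_response *r)
{
    wipe_response(r);
    free(r->resp);
    r->resp = NULL;
}
```

A password held in a fixed-size buffer should be wiped over the buffer's full size rather than only up to the terminating NUL.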