[LON-CAPA-dev] sudo

Scott Harrison lon-capa-dev@mail.lon-capa.org
Tue, 05 Feb 2002 22:22:02 -0500


> The security hole is in all versions < 1.6.4. Thus the powertools rpm
> is actually safe.

I had not been aware of a common powertools update repository.

I had been looking at
ftp://mirror.pa.msu.edu/linux/redhat/redhat-6.2-en/powertools/i386/i386/

instead of
ftp://mirror.pa.msu.edu/linux/redhat/linux/updates/6.2/en/powertools/i386/

For more information on the sudo ChangeLog, please visit
http://www.courtesan.com/sudo/changes.html
By using the custom-rolled RPM, we are avoiding the following
bugs.

Sudo 1.6.5 released.

467) Visudo could access memory that was already freed.

468) If the skey.access file denied use of plaintext passwords sudo
would exit instead of allowing the user to enter an S/Key.

Sudo 1.6.5p1 released.

469) Older versions of BSDi have getifaddrs() but no freeifaddrs().

470) BSDi has a fake setreuid() as do certain versions of FreeBSD and
NetBSD.

471) Ignore the return value of pam_setcred().  In Linux-PAM 0.75,
pam_setcred() will return PAM_PERM_DENIED even if the setcred function
of the module succeeds when pam_authenticate() has not been called.

472) Avoid giving PAM a NULL password response, use the empty string
instead.  This avoids a log warning when the user hits ^C at the password
prompt when Linux-PAM is in use.  This also prevents older versions of
Linux-PAM from dereferencing the NULL pointer.

473) The user's password was not zeroed after use when AIX authentication,
BSD authentication, FWTK or PAM was in use.

Sudo 1.6.5p2 released.

474) Fixed compilation problem on HP-UX 9.x.
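The thread hinges on whether an installed sudo is below the 1.6.4 threshold quoted above, which is fiddly to check by eye because sudo numbers its patch releases with a "pN" suffix (1.6.5, 1.6.5p1, 1.6.5p2) that a naive string or float comparison gets wrong. The following C program is an added example, not code from this mailing list or from the sudo project: it parses a "major.minor.patch[pN]" string, compares it against 1.6.4, and reports whether the version is below that line. The struct and function names (sudo_version, parse_sudo_version, cmp_sudo_version, sudo_below_fixed_version) and the sample version strings are constructed for the example; the format assumed is sudo's own numbering as it appears in the ChangeLog excerpts above, not an RPM version-release string.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parsed sudo version: major.minor.patch with an optional "pN" patch
 * level.  Hypothetical struct for this example, not from sudo's source. */
struct sudo_version {
    int major, minor, patch, plevel;
};

/* Parse strings like "1.6.3p7", "1.6.4" or "1.6.5p2".
 * Returns 0 on success, -1 on malformed input.  A missing "pN" suffix is
 * recorded as patch level 0 so that a bare release sorts before its
 * patch releases. */
int parse_sudo_version(const char *s, struct sudo_version *v)
{
    char *end;
    memset(v, 0, sizeof *v);

    v->major = (int)strtol(s, &end, 10);
    if (end == s || *end != '.') return -1;
    s = end + 1;

    v->minor = (int)strtol(s, &end, 10);
    if (end == s || *end != '.') return -1;
    s = end + 1;

    v->patch = (int)strtol(s, &end, 10);
    if (end == s) return -1;
    s = end;

    if (*s == 'p') {                 /* optional patch level, e.g. "p2" */
        s++;
        v->plevel = (int)strtol(s, &end, 10);
        if (end == s) return -1;
        s = end;
    }
    return *s == '\0' ? 0 : -1;      /* reject trailing junk */
}

/* Lexicographic compare: negative if a < b, 0 if equal, positive if a > b. */
int cmp_sudo_version(const struct sudo_version *a, const struct sudo_version *b)
{
    if (a->major != b->major) return a->major - b->major;
    if (a->minor != b->minor) return a->minor - b->minor;
    if (a->patch != b->patch) return a->patch - b->patch;
    return a->plevel - b->plevel;
}

/* Returns 1 if the installed version is below the 1.6.4 threshold named in
 * the thread, 0 if it is 1.6.4 or later, -1 if the string cannot be parsed
 * (an unparsable version should be treated as "unknown", never as safe). */
int sudo_below_fixed_version(const char *installed)
{
    struct sudo_version v, fixed;
    if (parse_sudo_version(installed, &v) != 0) return -1;
    parse_sudo_version("1.6.4", &fixed);   /* constant, known to parse */
    return cmp_sudo_version(&v, &fixed) < 0 ? 1 : 0;
}

int main(void)
{
    /* Constructed sample inputs; "garbage" exercises the error path. */
    const char *samples[] = { "1.6.3p7", "1.6.4", "1.6.5p2", "1.5.9", "garbage" };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int r = sudo_below_fixed_version(samples[i]);
        printf("%-8s -> %s\n", samples[i],
               r < 0 ? "unparsable (treat as unknown)"
                     : r ? "below 1.6.4" : "1.6.4 or later");
    }
    return 0;
}
```

To use this against a real host, feed it the version portion of the sudo package or binary (the part that looks like 1.6.5p2); an RPM version-release string such as 1.6.5p2-1 would need the "-release" tail stripped first, which this example does not do. The "unparsable" result is deliberately distinct from "safe" so that a malformed or unexpected string is not silently passed as patched.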