[blfs-book] r9256 - trunk/BOOK/postlfs/security

andy at linuxfromscratch.org andy at linuxfromscratch.org
Wed Feb 1 05:33:04 PST 2012


Author: andy
Date: 2012-02-01 06:33:00 -0700 (Wed, 01 Feb 2012)
New Revision: 9256

Modified:
   trunk/BOOK/postlfs/security/sudo.xml
Log:
patch sudo to fix a security problem

Modified: trunk/BOOK/postlfs/security/sudo.xml
===================================================================
--- trunk/BOOK/postlfs/security/sudo.xml	2012-01-30 17:10:15 UTC (rev 9255)
+++ trunk/BOOK/postlfs/security/sudo.xml	2012-02-01 13:33:00 UTC (rev 9256)
@@ -59,6 +59,14 @@
       </listitem>
     </itemizedlist>
 
+    <bridgehead renderas="sect3">Additional Downloads</bridgehead>
+    <itemizedlist spacing="compact">
+      <listitem>
+        <para>Required patch: <ulink
+        url="&patch-root;/sudo-&sudo-version;-fprintf_debug-1.patch"/></para>
+      </listitem>
+    </itemizedlist>
+
     <bridgehead renderas="sect3">Sudo Dependencies</bridgehead>
 
     <bridgehead renderas="sect4">Optional</bridgehead>
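Review bot: The patch file name in the new "Required patch" listitem is built from &sudo-version;, so the next version bump will silently turn this into a link to a patch that does not exist. Consider an XML comment beside the listitem saying the block must be dropped (or the patch regenerated) when the entity changes, and add a word in the listitem that this is a security fix so readers do not treat it as optional.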
@@ -84,7 +92,8 @@
     <para>Install <application>sudo</application> by running
     the following commands:</para>
 
-<screen><userinput>./configure --prefix=/usr \
+<screen><userinput>patch -p1 < ../sudo-&sudo-version;-fprintf_debug-1.patch &&
+./configure --prefix=/usr \
             --libexecdir=/usr/lib \
             --with-ignore-dot \
             --with-all-insults \
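Review bot: The added line "patch -p1 < ../sudo-&sudo-version;-fprintf_debug-1.patch &&" puts a bare "<" and a bare "&&" inside <userinput>, which is not well-formed XML as shown here; they need to be written as "&lt;" and "&amp;&amp;". Using "patch -Np1 -i ../sudo-&sudo-version;-fprintf_debug-1.patch" avoids the redirect altogether, and -N keeps a re-run from offering to reverse an already applied patch.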
@@ -106,6 +115,11 @@
   <sect2 role="commands">
     <title>Command Explanations</title>
 
+    <para><command>patch -p1 < ...</command>: This patch fixes a
+    vulnerability in the debugging code in sudo versions 1.8.0 through 1.8.3p1
+    that can be used to crash sudo or potentially allow an unauthorized user to
+    achieve root privileges.</para>
+
     <para><option>--with-ignore-dot</option>: This switch causes
     <application>sudo</application> to ignore '.' in the PATH.</para>
 
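Review bot: The new explanation paragraph names the affected range (1.8.0 through 1.8.3p1) but gives no advisory reference, so a reader cannot check whether the patch is still needed or what it changes. Add a link to the upstream sudo advisory for this bug, and say whether a fixed upstream release exists, since the stated range suggests upgrading may be an alternative to patching. The "<" in "<command>patch -p1 < ...</command>" also needs escaping as "&lt;".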



