sudo vulnerability

Archaic archaic at
Tue Oct 25 16:37:26 PDT 2005

After digging around, I couldn't find any info other than what debian
gave. I've weeded out their extra junk and made an LFS-conforming patch
for anyone who uses sudo. I've also emailed the sudo list for their take
on this vulnerability and it's proposed fix.


Want control, education, and security from your operating system?
Hardened Linux From Scratch

-------------- next part --------------
Submitted By: Archaic (archaic -aT- linuxfromscratch -DoT- org)
Date: 2005-10-25
Initial Package Version: 1.6.8p9
Upstream Status: Sent
Description: (CVE-2005-2959) Tavis Ormandy noticed that sudo does not clean the
             environment sufficiently. The SHELLOPTS and PS4 variables are
             dangerous and are still passed through to the program running as
             privileged user. This can result in the execution of arbitrary
             commands as privileged user when a bash script is executed.

diff -Naur sudo-1.6.8p9.orig/env.c sudo-1.6.8p9/env.c
--- sudo-1.6.8p9.orig/env.c     2005-02-06 15:37:01.000000000 +0000
+++ sudo-1.6.8p9/env.c  2005-10-25 22:55:45.000000000 +0000
@@ -89,6 +89,8 @@
 static const char *initial_badenv_table[] = {
+    "PS4",

More information about the lfs-security mailing list