Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 64347

Summary: app-admin/sudo: Sudoedit can expose file contents
Product: Gentoo Security Reporter: Alin Năstac (RETIRED) <mrness>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED INVALID    
Severity: minor    
Priority: High    
Version: unspecified   
Hardware: All   
OS: All   
URL: http://www.sudo.ws/sudo/alerts/sudoedit.html
Whiteboard: A4 [stable] krispy
Package list:
Runtime testing required: ---

Description Alin Năstac (RETIRED) gentoo-dev 2004-09-16 22:11:36 UTC
Summary:
A flaw in exists in sudo's -u option (aka sudoedit) in sudo version 1.6.8 that can give an attacker read permission to a file that would otherwise be unreadable.
Sudo versions affected:
1.6.8 only

Details:
While sudoedit runs the actual editor as the invoking user, the temporary file is then re-opened with root privileges. An attacker can run sudoedit, remove the editor temporary file, make a link to an unreadable file with the same name as the old temporary file and quit the editor. The file being edited via sudoedit will now contain a copy of the previously unreadable file.

Impact:
Exploitation of the bug requires that the sudoers file be configured to allow the attacker to run sudoedit. If no users have been granted access to sudoedit 
there is no impact.
Fix:
The bug is fixed in sudo 1.6.8p1.
Comment 1 Dan Margolis (RETIRED) gentoo-dev 2004-09-16 22:41:47 UTC
CC'ing aliz@gentoo.org. Unsure who the maintainer is on this one. 
Comment 2 Daniel Ahlberg (RETIRED) gentoo-dev 2004-09-17 09:01:25 UTC
No maintining or using, but I've added 1.6.8_p1 (with KEYWORDS="-*") to the tree.
Comment 3 Dan Margolis (RETIRED) gentoo-dev 2004-09-17 09:13:37 UTC
Thanks, aliz. 

Archs, please mark stable. 
Comment 4 Dan Margolis (RETIRED) gentoo-dev 2004-09-17 09:48:27 UTC
On re-reading, this doesn't affect the version of sudo in portage. 

Sorry about that, guys. I owe you all a beer.