oss-sec mailing list archives
Re: Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156)
From: Dave Horsfall <dave () horsfall org>
Date: Wed, 27 Jan 2021 20:31:51 +1100 (EST)
I think that's a very fair point. Also it seems the development trend in sudo is to actually increase complexity even more and add all kinds of features that really should not be part of a suid tool, see e.g. https://computingforgeeks.com/better-secure-new-sudo-release/
I just happen to have a very much simplified version called "ssu"; I worked on it and fixed a few gaping security holes... They should have been obvious to any novice programmer (which said idiot^2 boss was not).
-- Dave