[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156)
From:       Dave Horsfall <dave () horsfall ! org>
Date:       2021-01-27 9:31:51
Message-ID: alpine.BSF.2.21.9999.2101272010280.36435 () aneurin ! horsfall ! org
[Download RAW message or body]

> I think that's a very fair point. Also it seems the development trend in 
> sudo is to actually increase complexity even more and adding all kinds 
> of features that really should not be part of a suid tool, see e.g. 
> https://computingforgeeks.com/better-secure-new-sudo-release/

I just happen to have a very much simplified version called "ssu"; I 
worked on it and fixed a few gaping security holes...  They should have 
been obvious to any novice programmer (which said idiot^2 boss was not).

-- Dave
[prev in list] [next in list] [prev in thread] [next in thread]