tags #985307 confirmed thanks On Mon, Mar 15, 2021 at 06:11:14PM +0100, Dennis Filder wrote: > While looking into #783889 I noticed that the sudo binary shipped in > sudo-ldap does not use setresuid. The changelog entry for 1.8.2-1 > reads: "drop --disable-setresuid since modern systems should not run > 2.2 kernels", but apparently only the first configure statement in > d/rules was changed.
Thanks for spotting this. This bug was even taken over to the experimental branch where ... > Using a variable for common options should prevent such accidents in > the future. ... the common options ARE in a variable, but --disable-setresuid was explicitly set for sudo-ldap. I committed a fix, but this is not going to be in bullseye. Greetings Marc