Package: release-notes
Severity: important
Tags: security
X-Debbugs-Cc: Debian Security Team <[email protected]>

Hi,

I would like to ask the release notes team whether we should, while a technical solution is pending, add language regarding #1126085 to the trixie release notes (and maybe also to the bookworm release notes) that the sudo in those stable releases won't read /etc/sudoers.d files that contain colons in their file name, like /etc/sudoers.d/10_dsa::util::sudo[dfsg-team-role], but instead wrongly report "no such file or directory".

Adam correctly points out that this behavior of sudo might either cause system breakage or introduce security flaws because files that used to be processed in the past are not processed any more. I concur with his judgement that #1126085 is an RC bug.

I am willing to provide a paragraph for the release notes if you indicate that this would be a good workaround while we wait for upstream to comment whether there might be a better technical solution for the issue.

Greetings
Marc
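The check below is an added example, not part of the original report or of sudo: it lists the files in a sudoers include directory whose names contain a colon, the case described above. The function name and status labels are assumptions, and the rule that sudo skips names ending in `~` or containing `.` comes from the sudoers manual, not from this report.

```shell
#!/bin/sh
# Added example: audit a sudoers include directory for file names that the
# report above says the affected sudo does not read (names containing ':').
# audit_sudoers_dir and the status labels are hypothetical names.

# Usage: audit_sudoers_dir DIR
# Prints "<STATUS> <name>" per regular file; returns 1 if any COLON file exists.
audit_sudoers_dir() {
    dir=$1
    rc=0
    # The glob does not list hidden files; they contain '.' and are skipped
    # by sudo anyway.
    for path in "$dir"/*; do
        [ -f "$path" ] || continue          # also covers an empty directory
        name=${path##*/}
        case $name in
            # Skipped by design per sudoers(5): ends in '~' or contains '.'.
            # Such files were never processed, so the colon issue changes nothing.
            *~|*.*) printf 'SKIPPED %s\n' "$name" ;;
            # Previously processed, reported as no longer read (#1126085).
            *:*)    printf 'COLON   %s\n' "$name"; rc=1 ;;
            *)      printf 'OK      %s\n' "$name" ;;
        esac
    done
    return "$rc"
}

# Demonstration on a constructed directory (not a real system's sudoers.d).
demo() {
    tmp=$(mktemp -d) || return 1
    touch "$tmp/10_dsa::util::sudo[dfsg-team-role]" "$tmp/local-admins" "$tmp/README.txt"
    audit_sudoers_dir "$tmp" || echo "rules in COLON files may not be applied"
    rm -rf "$tmp"
}
demo
```

On a real system the call would be `audit_sudoers_dir /etc/sudoers.d`, run as a user who can list that directory.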

