On Sun, Oct 27, 2013 at 09:28:51PM -0600, Joe Pfeiffer wrote: > Reco <recovery...@gmail.com> writes: > > True, you need to add to the picture that curious user who just read on > > Bugtraq or Full Disclosure about fresh vulnerability in sudo. Or that > > disgruntled user who needs /etc/system changed right here and now. Or > > that developer who needs to do this 'small change, nobody will notice' > > on a production server. > > And if you don't have such people there - good for you, as here we can > > always find such person here. > > You also have to add to the picture such a vulnerability, and I haven't > noticed any.
If we're speaking of public vulnerabilities: CVE-2010-0427. CVE-2013-1775 (allows bypass sudoders modification to retain root privileges). I have no knowledge about private 0days. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131028134702.GA23316@x101h