[Expired for sudo (Ubuntu) because there has been no activity for 60
days.]
** Changed in: sudo (Ubuntu)
Status: Incomplete => Expired
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to sudo in Ubuntu.
https://bugs.launchpad.net/bugs/2019496
Title:
Security implications of SUDO_ASKPASS
Status in sudo package in Ubuntu:
Expired
Bug description:
All that is needed to subvert sudo is adding this line to ~/.bashrc
alias sudo="SUDO_ASKPASS=/home/$USER/.config/git/doevil sudo -A"
and a program that reads the password from the command line and makes
use of it.
Ignoring the SUDO_ASKPASS environment variable would be an option to
stop this.
Best regards
Heinrich
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/2019496/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
