[Expired for sudo (Ubuntu) because there has been no activity for 60 days.]
** Changed in: sudo (Ubuntu) Status: Incomplete => Expired -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to sudo in Ubuntu. https://bugs.launchpad.net/bugs/2019496 Title: Security implications of SUDO_ASKPASS Status in sudo package in Ubuntu: Expired Bug description: All that is needed to subvert sudo is adding this line to ~/.bashrc alias sudo="SUDO_ASKPASS=/home/$USER/.config/git/doevil sudo -A" and a program that reads the password from the command line and makes use of it. Ignoring the SUDO_ASKPASS environment variable would be an option to stop this. Best regards Heinrich To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/2019496/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp