People are concerned about 'sudo' and MALLOC_CHECK_ variable. Anybody could run anything exporting it with "=1", but suid and sgid binaries don't work with it.
>From `info malloc`: There is one problem with `MALLOC_CHECK_': in SUID or SGID binaries it could possibly be exploited since diverging from the normal programs behavior it now writes something to the standard error descriptor. Therefore the use of MALLOC_CHECK_' is disabled by default for SUID and SGID binaries. It can be enabled again by the system administrator by adding a file `/etc/suid-debug' (the content is not important it could be empty). It means I could 'touch /etc/suid-debug'. FYI: this bug caught me too; I'm an idiot, because my root has no password. lol -- Hardy: "invalid pointer: 0xb7ef4b70" no program will start. https://bugs.launchpad.net/bugs/201673 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
