shameless self-promoting website
»Rejourn root
Posted Saturday, 17 January 2009 by Miklos
Tags: en hacking

Quoting a mail I just sent to Miller:

,,It seems I hit a bug in sudo-1.7.0 (at least I can't reproduce it with 1.6.9p17):

$ sudo chown vmiklos /etc/sudoers $ sudo false sudo: /etc/sudoers is owned by uid 1003, should be 0 Segmentation fault

According to gdb, it seem to be a nullpointer-dereference bug, and given that it is reproducible only in case the permission and/or owner is wrong, I don't think it has a security impact. But who knows. ;)''

We'll see how does he handle the problem.