[10782] in bugtraq
unneeded information in sudo
daemon@ATHENA.MIT.EDU (Samuel Mikes)
Thu Jun 10 14:44:19 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <14174.47611.284315.675421@klapaucius.hip.berkeley.edu>
Date: Wed, 9 Jun 1999 12:01:15 -0700
Reply-To: Samuel Mikes <smikes@alumni.hmc.edu>
From: Samuel Mikes <smikes@ALUMNI.HMC.EDU>
X-To: Bencsath Boldizsar <boldi@BUDAPEST.HU>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.LNX.4.10.9906082113100.25130-100000@sas.fph.hu>
>> "Bencsath" == Bencsath Boldizsar <boldi@BUDAPEST.HU> writes:
Bencsath> Sudo (debian , v1.5.6p2-2) tells anyone if a file exists or
Bencsath> not. It's not a very big problem, but when i set a
Bencsath> directory _not_ accessible to anyone but root, I want to
Bencsath> make sure, nobody knows what files are in it. Both
Bencsath> executable and not executables- if there is no file: No
Bencsath> such file or directory, if it exists: permission denied if
Bencsath> not executable, You are not in sudoers if executable.
This problem has been known for over a year -- probably longer.
Everyone agrees that it's wrong behavior in sudo; nobody has felt
motivated enough to write a patch for it.
If you contact sudo-bugs@courtesan.com or sudo-workers (also at
courtesan?), they'll tell you all about it.
Cheers,
--
Sam Mikes
smikes@alumni.hmc.edu
