Update CVE list with Sudoedit-related CVE's #1188
Conversation
docs/sudo-cve.md
Outdated
| [^20]: Sudo-rs doesn't use a "stringly typed" interface between the execution and policy modules. | ||
| [^21]: Rust memory safety should prevent this, sudo-rs doesn't allow `-s` and `-e` to be combined, and sudo-rs | ||
| doesn't "unescape" program arguments in the sudoers module | ||
| [^22]: Sudo-rs uses pipes to communicate between the root process and the child process running the editor |
There was a problem hiding this comment.
The thing that matters here is that the child process is unprivileged. Also technically I used a unix socket rather than a pipe as only the former has a safe api in the standard library that is available on our MSRV.
There was a problem hiding this comment.
Feel free to add a commit to this PR rephrasing that footnote
There was a problem hiding this comment.
I don't think that for the mentioned CVE the privileged/unprivileged nature of the child process is really relevant, by the way.
There was a problem hiding this comment.
This CVE wouldn't have been possible if the code reading the edited file back was unprivileged.
There was a problem hiding this comment.
Right, I was focussing on the original file, not the temporary one.
This moves CVE's that were listed as "non applicable" to the "applicable" category. One CVE remains inapplicable, for a few others we are already not vulnerable (simply by having a different architecture). Two remain on our radar.
Issues that need to be closed before this can become non-draft:
#1186,#1187