Path to this page:
Subject: CVS commit: pkgsrc/security/opendoas
From: pin
Date: 2021-11-26 09:40:40
Message id: 20211126084040.6E733FAEC@cvs.NetBSD.org
Log Message:
security/opendoas: update to 6.8.1
-This release fixes one major issue that has been assigned CVE-2019-25016.
Rules that allowed the user to execute any command would inherit the
executing users PATH instead of resetting it to a default PATH.
The path will now be correctly reset (d5acd52) to the defined default PATH.
Those rules still allow the user to execute any program from their PATH
but executed commands won't inherit the users PATH anymore.
Rules that limit the user to execute only a specific command are not affected
by this and are only executed from the default PATH and with the PATH
environment variable set to the safe default.
Other changes are:
-apply missing man page changes
-Fixes to the configuration parser 2d7431c, 01ac841 and 36cc28e
-Minor documentation and error message wording changes.
Files: