From: Todd C. Miller Date: Sat, 17 Aug 1996 23:43:41 +0000 (+0000) Subject: fixed up some wording X-Git-Tag: SUDO_1_5_0~7 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=37501445873dd058e60ae102c4f1aea3055e5477;p=sudo fixed up some wording --- diff --git a/sudo.pod b/sudo.pod index a3e22f580..0dbb1cd59 100644 --- a/sudo.pod +++ b/sudo.pod @@ -118,9 +118,13 @@ currently unreachable. =head1 SECURITY NOTES B tries to be safe when executing external commands. -To this end the C, C, C (HP-UX only), +Variables that control how dynamic loading and binding is +done can be used to subvert the program that B runs. +To combat this the C, C (HP-UX only), C (AIX only), and C<_RLD_*> environmental variables are removed from the environment passed on to all commands executed. +B will also remove the C, C, C +and C variables as they too can pose a threat. To prevent command spoofing, B checks "." and "" (both denoting current directory) last when searching for a command @@ -151,13 +155,12 @@ would be unable to get them back out. To get around this issue you can use a directory that is not world-writable for the timestamps (F for instance). -To keep users from creating their own timestamp files -(by creating the timestamp directory before B -is first run and then using chmod and chown to set -the ownership and mode to a combination B -will accept) with timestamps far in the future B -will not honor any timestamp with a date greater than -current_time + 2 * C. +C will not honor timestamp files set far in the +future. Timestamp files with a date greater than +current_time + 2 * C will be ignored and +sudo will log the anomaly. This is done to keep a user +from creating his/her own timestamp file with a bogus +date. =head1 FILES
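Review bot: In the first hunk (SECURITY NOTES, @@ -118,9 +118,13 @@), the added sentence ending "as they too can pose a threat" does not say what the threat is, while the sentence added just above it does explain that variables controlling dynamic loading and binding can subvert the program that is run. Suggest adding a clause that says why this second group of variables is removed, so the two sentences give the reader the same level of reasoning. Two wording points in the same hunk: "how dynamic loading and binding is done" should read "are done", and the unchanged "environmental variables" could become "environment variables" while this paragraph is being touched.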
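Review bot: In the second hunk (timestamp paragraph, @@ -151,13 +155,12 @@), the rewrite drops the removed text's description of how a user could plant a timestamp file ("by creating the timestamp directory before ... is first run and then using chmod and chown to set the ownership and mode"), leaving only "creating his/her own timestamp file with a bogus date". That mechanism is what ties this check to the preceding advice about using a directory that is not world-writable for the timestamps, so consider keeping one clause of it. On style, the subject of the new first sentence ("C will not honor timestamp files") is marked up with C where the removed lines used B for the same subject, and the line "sudo will log the anomaly" has no markup at all; using B throughout would match the rest of the section.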