From: Todd C. Miller <Todd.Miller@courtesan.com>
Date: Tue, 13 Jan 1998 04:10:08 +0000 (+0000)
Subject: commands can start with ./* not just /* -- fixes a serious security hole.
X-Git-Tag: SUDO_1_5_4~13
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ab9b352455ccbb9a1d2d0ab21bb76680d8f6f73d;p=sudo

commands can start with ./* not just /* -- fixes a serious security hole.
---

diff --git a/parse.c b/parse.c
index c92f91290..5e90c52b1 100644
--- a/parse.c
+++ b/parse.c
@@ -218,7 +218,7 @@ int command_matches(cmnd, user_args, path, sudoers_args)
     static char *c;
 
     /* don't bother with pseudo commands like "validate" */
-    if (*cmnd != '/')
+    if (*cmnd != '/' && *cmnd != '.')
 	return(FALSE);
 
     /* only need to stat cmnd once since it never changes */