Re: Re: Todd Miller Sudo local root exploit discovered by Slouch
I believe what andy was alluding to was, why post on bugtraq with a subject Sudo local exploit discovered. Its not a sudo local root exploit, its an exploit in a misconfigured sudo file. You can post it as a new exploit technique for a misconfiguration, and i'm sure all the vuln and pen guys would be happy.
In my opinion, its a good technique to check for and i will use it in my arsenal of things to look for in terms of admin misconfigs but since its not in the default config on sudo, you'd have to e an idiot to not fully path out a commnd you are giving root access for...
Anyway think about how you phrase things next time.