> The #else portion of the code may be fine, I haven't studied it extensively
I doubt this, it relies on comparing inode numbers and devices numbers returned by lstat() and fstat(). lstat() just like O_FOLLOW only considers the final component of the path. If it's a symlink, it returns data about the symlink otherwise it returns data about the file (even though it's accessed through symlinks). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1512781 Title: CVE-2015-5602 - Unauthorized Privilege Escalation To manage notifications about this bug go to: https://bugs.launchpad.net/sudo/+bug/1512781/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
