b0786052d8
-This release fixes one major issue that has been assigned CVE-2019-25016. Rules that allowed the user to execute any command would inherit the executing users PATH instead of resetting it to a default PATH. The path will now be correctly reset (d5acd52) to the defined default PATH. Those rules still allow the user to execute any program from their PATH but executed commands won't inherit the users PATH anymore. Rules that limit the user to execute only a specific command are not affected by this and are only executed from the default PATH and with the PATH environment variable set to the safe default. Other changes are: -apply missing man page changes -Fixes to the configuration parser 2d7431c, 01ac841 and 36cc28e -Minor documentation and error message wording changes. |
||
|---|---|---|
| .. | ||
| patches | ||
| DESCR | ||
| distinfo | ||
| Makefile | ||
| PLIST | ||