commands can start with ./* not just /* -- fixes a serious security hole.

1998-01-13 04:10:08 +00:00
parent 07e09b16f2
commit ab9b352455
1 changed files with 1 additions and 1 deletions
--- a/parse.c
+++ b/parse.c
@@ -218,7 +218,7 @@ int command_matches(cmnd, user_args, path, sudoers_args)
    static char *c;

    /* don't bother with pseudo commands like "validate" */
-    if (*cmnd != '/')
+    if (*cmnd != '/' && *cmnd != '.')
 	return(FALSE);

    /* only need to stat cmnd once since it never changes */