by WirelessGigabit 1090 days ago
Do you know if sudo uses negative tests for their CVE fixes?

If they are written in such a way that they are portable (i.e. execute sudo, send mangled data, inspect the response), it shouldn't be too hard to run them against the new version.

At least that is what I try to practice in fixing all kinds of bugs. Write a test that proves the bug, fix the bug, write a test that proves the bugfix works, invert the test that proves the bug.

1 comments
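As an added illustration of the workflow described in the comment above (this is example code, not sudo's code or its test suite), here is a portable black-box negative test in Python: it executes a target program, feeds it mangled input, and inspects the exit status and stderr. The target is a constructed stand-in script with an invented input-handling defect, so the same harness can be pointed at a "buggy" and a "fixed" build. `BUGGY_TARGET`, `FIXED_TARGET`, `MANGLED_INPUTS`, the exit-code convention (2 = clean rejection) and all helper names are assumptions of this example. The same mangled cases serve twice: first as the test that proves the bug (it expects a crash), then, inverted, as the regression test that expects every case to be rejected cleanly while well-formed input still works.

```python
"""Black-box negative/regression test harness (added example, not sudo's own tests).

The target under test is a constructed stand-in: a tiny "length:payload"
parser run as a Python one-file script. BUGGY_TARGET trusts the declared
length; FIXED_TARGET validates it. Both are assumptions of this example.
"""
import subprocess
import sys

# Constructed stand-in target with an invented defect: the declared length is
# trusted, so malformed input ends in an unhandled exception (a "crash").
BUGGY_TARGET = r'''
import sys
data = sys.stdin.buffer.read()
head, sep, payload = data.partition(b":")
n = int(head)                          # ValueError on a non-numeric length
chunk = payload[:n]
assert len(chunk) == n, "short read"   # AssertionError when length > payload
sys.stdout.buffer.write(chunk)
'''

# Constructed fixed build: validate first, reject with a diagnostic and exit 2.
FIXED_TARGET = r'''
import sys
MAX = 64
data = sys.stdin.buffer.read()
head, sep, payload = data.partition(b":")
if not sep or not head.isdigit() or not 0 <= int(head) <= min(MAX, len(payload)):
    sys.stderr.write("invalid length\n")
    sys.exit(2)                        # clean rejection, no traceback
sys.stdout.buffer.write(payload[:int(head)])
'''

# Constructed mangled inputs, one per failure mode we want covered.
MANGLED_INPUTS = {
    "declared_length_exceeds_payload": b"100:abc",
    "negative_length": b"-1:abc",
    "non_numeric_length": b"xyz:abc",
    "missing_separator": b"abc",
    "huge_length": b"99999999999999999999:abc",
}
WELL_FORMED = b"3:abcdef"   # must keep working after the fix (expected output b"abc")


def run_target(source: str, stdin: bytes):
    """Execute the target as a separate process and capture its response.

    This is the portable part: only the command line would change for a real
    binary; the harness itself never links against the target.
    """
    proc = subprocess.run(
        [sys.executable, "-c", source],
        input=stdin,
        capture_output=True,
        timeout=10,
    )
    return proc.returncode, proc.stdout, proc.stderr


def crash_cases(source: str):
    """Step 1, the test that proves the bug: names of inputs that crash the target.

    Anything other than success (0) or a clean rejection (2), or a traceback
    on stderr, counts as a crash rather than a handled error.
    """
    crashed = []
    for name, data in MANGLED_INPUTS.items():
        rc, _, err = run_target(source, data)
        if rc not in (0, 2) or b"Traceback" in err:
            crashed.append(name)
    return crashed


def accepts_well_formed(source: str) -> bool:
    """Guard against a 'fix' that simply rejects everything."""
    rc, out, _ = run_target(source, WELL_FORMED)
    return rc == 0 and out == b"abc"


def regression_test(source: str) -> bool:
    """Step 3/4, the inverted test: no mangled input crashes, valid input works."""
    return crash_cases(source) == [] and accepts_well_formed(source)


if __name__ == "__main__":
    print("buggy build crashes on:", crash_cases(BUGGY_TARGET))
    print("buggy build passes regression test:", regression_test(BUGGY_TARGET))
    print("fixed build crashes on:", crash_cases(FIXED_TARGET))
    print("fixed build passes regression test:", regression_test(FIXED_TARGET))
```

Pointing `run_target` at a real binary only means changing the command line (and, for a setuid program, running the harness where that binary can actually be executed); the classification logic, the mangled-input table and the inversion from "expects a crash" to "expects a clean rejection" stay the same across versions.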

I'm not sure, I only see static analysis and fuzzing workflows in the CI on GitHub [1].

[1] https://github.com/millert/sudo/actions