> no claim was made or implied that they were mostly due to issues that memory safety would help with

he literally did

this is the entire message

> Sudo 1.8.0 to 1.9.12 (the latter is from 2023(!)) are *memory unsafe*. Sudo before 1.9.5p2 is *memory unsafe*. Sudo before 1.8.26 is *memory unsafe*. Sudo before 1.6.6 is *memory unsafe.*

memory unsafe here is used for dramatic purpose by the author

it actually means that

> Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c *array-out-of-bounds error* that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo *by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture.*

in this light, is PHP memory safe because it enforces runtime bounds checks on arrays?

Or

> In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, **it is NOT the default for upstream and many other packages**, and would exist only if enabled by an administrator.)

has one of these bugs ever been exploited?

He literally, both in the traditional (literally) and modern (figuratively) meanings, did not.
Stating that the page is the source for the information summarised does not mean the same as claiming all/most of the information in the page specifically refers to those cases.