There's an example of what happens on unpatched systems in the blog entry you link to:
Code:
sudoedit -s '\' `perl -e 'print "A" x 65536'`
should lead to a crash (of sudo, not of the whole system) with dumped core. On a patched system you'll get a notice on the legal options to sudoedit instead ('sudoedit' should be the same as 'sudo -e' and you should not be able to have both the '-e' and the '-s' option at the same time). On my XUbuntu 18.04 with the sudo package at 1.8.21p2-3ubuntu1.4 I get the notice, so a patch was applied - probably in the update I did yesterday. And 'sudo --version' still returns 'Sudo-Version 1.8.21p2', probably so that programs that parse the version don't get confused by the additional information ('-3ubuntu1.4').
Holger
Bookmarks