https://bugzilla.suse.com/show_bug.cgi?id=1220586 Bug ID: 1220586 Summary: sudo wrapper inside $HOME/bin Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: openSUSE Tumbleweed Status: NEW Severity: Critical Priority: P5 - None Component: Basesystem Assignee: screening-team-bugs@suse.de Reporter: slawek@lach.art.pl QA Contact: qa-bugs@suse.de Target Milestone: --- Found By: --- Blocker: --- Opensuse allows to ran executables from $HOME/bin. Placing malicious program (for example - bash script), called sudo, could execute code as root. Tbis program would call sudo with absolute path and own arguments. It could also call sudo with arguments passed to this program, but also call it after/before with own arguments. -- You are receiving this mail because: You are on the CC list for the bug.