COMMAND

    sudo

SYSTEMS AFFECTED

    Debian (othes?)

PROBLEM

    Bencsath  Boldizsar  found  following.   Sudo (debian, v1.5.6p2-2)
    tells  anyone  if  a  file  exists  or  not.   It's not a very big
    problem, but when you set  a directory _not_ accessible to  anyone
    but root, you want  to make sure, nobody  knows what files are  in
    it.  Both executable and not executables- if there is no file:  No
    such file  or directory,  if it  exists: permission  denied if not
    executable, You are not in sudoers if executable.

        > ls -la a
        total 4
        drwx------   2 root     root         1024 Jun  8 21:25 .
        drwx------   7 root     root         1024 Jun  8 21:22 ..
        -rwxr-xr-x   1 root     root         1363 Jun  8 21:23 doit
        > su - alias
        No directory, logging in with HOME=/
        $ /root/a/doit
        su: /root/a/doit: Permission denied
        $ /root/a/doit2
        su: /root/a/doit2: Permission denied
        $ sudo /root/a/doit
        alias is not in the sudoers file.  This incident will be reported.

        $ sudo /root/a/doit2
        sudo: /root/a/doit2: No such file or directory
        $ dpkg -l sudo
        ...
        ||/ Name            Version        Description
        +++-===============-==============-============================================
        ii  sudo            1.5.6p2-2      Provides limited super user privileges

        > chmod a-x /root/a/doit
        > su - alias
        No directory, logging in with HOME=/
        $ sudo /root/a/doit
        sudo: /root/a/doit: Permission denied
        $ sudo /root/a/doit2
        sudo: /root/a/doit2: No such file or directory

SOLUTION

    Nothing  yet  (When  configuring  (at  compile time) would setting
    --disable-path-info stop this problem?).