-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Do not report security vulnerabilities through public GitHub issues.
Instead, you can report them using our security page. Alternatively, you can also send them by email to [email protected]. You can encrypt your mail using GnuPG if you want. Use the GPG key with fingerprint C2E4 CAC4 B122 25DE 1C3B B1C9 289D 0820 03D0 1E95.
Include as much of the following information:
- Type of issue (e.g. buffer overflow overflow, privilege escalation, etc.)
- The location of the affected source code (tag/branch/commit or direct URL)
- Any special configuration required to reproduce the issue
- The Linux distribution affected.
- Step-by-step instructions to reproduce the issue
- Impact of the issue, including how an attacker might exploit the issue
If you have found a bug that also exists in original sudo (which, although unlikely, means it is a very serious issue), you must also follow the steps at https://www.sudo.ws/security/policy/
We prefer to receive reports in English. If necessary, we also understand Spanish, German and Dutch.
Like original sudo, we adhere to the principle of responsible disclosure.
sudo-rs
is currently in an alpha stage, and does not have any releases yet, nor do we offer support. Therefore we strongly recommend not
using it for anything else than experiments.
Once we offer official releases, security advisories will be published on GitHub and possibly through other channels.
-----BEGIN PGP SIGNATURE-----
iHUEARYIAB0WIQTC5MrEsSIl3hw7sckonQggA9AelQUCZEe6XAAKCRAonQggA9Ae lRa9AQC0KKLxA09UdSHdR4mhle0zyq411sVPbtNo03achQ05yQD/dBi8aqcF3+s7 vdQpPgv8CHf+7YdrZh8uVIzr+ToDZwQ= =RPT9
-----END PGP SIGNATURE-----