Apply by doing: cd /usr/src patch -p0 < 003_sudo.patch The rebuild sudo: cd usr.bin/sudo make obj make depend make make install Index: usr.bin/sudo/parse.yacc =================================================================== RCS file: /home/cvs/openbsd/src/usr.bin/sudo/parse.yacc,v retrieving revision 1.10 diff -u -r1.10 parse.yacc --- usr.bin/sudo/parse.yacc 28 Sep 2004 15:10:51 -0000 1.10 +++ usr.bin/sudo/parse.yacc 20 Jun 2005 14:17:26 -0000 @@ -676,10 +676,6 @@ } $$ = TRUE; - - if (safe_cmnd) - free(safe_cmnd); - safe_cmnd = estrdup(user_cmnd); } | ALIAS { aliasinfo *aip; Index: usr.bin/sudo/sudo.c =================================================================== RCS file: /home/cvs/openbsd/src/usr.bin/sudo/sudo.c,v retrieving revision 1.24 diff -u -r1.24 sudo.c --- usr.bin/sudo/sudo.c 31 Jan 2005 18:53:33 -0000 1.24 +++ usr.bin/sudo/sudo.c 20 Jun 2005 14:17:26 -0000 @@ -275,6 +275,8 @@ /* Validate the user but don't search for pseudo-commands. */ validated = sudoers_lookup(pwflag); } + if (safe_cmnd == NULL) + safe_cmnd = user_cmnd; /* * If we are using set_perms_posix() and the stay_setuid flag was not set, @@ -389,14 +391,6 @@ sudo_ldap_list_matches(); #endif exit(0); - } - - /* This *must* have been set if we got a match but... */ - if (safe_cmnd == NULL) { - log_error(MSG_ONLY, - "internal error, safe_cmnd never got set for %s; %s", - user_cmnd, - "please report this error at http://courtesan.com/sudo/bugs/"); } /* Override user's umask if configured to do so. */ Index: usr.bin/sudo/version.h =================================================================== RCS file: /home/cvs/openbsd/src/usr.bin/sudo/version.h,v retrieving revision 1.28 diff -u -r1.28 version.h --- usr.bin/sudo/version.h 5 Feb 2005 23:31:53 -0000 1.28 +++ usr.bin/sudo/version.h 20 Jun 2005 14:17:34 -0000 @@ -23,6 +23,6 @@ #ifndef _SUDO_VERSION_H #define _SUDO_VERSION_H -static const char version[] = "1.6.8p6"; +static const char version[] = "1.6.8p6+race_fix"; #endif /* _SUDO_VERSION_H */