"Sudo Flaw Lets Linux Users Run Commands As Root Even When They're Restricted" – https://thehackernews.com/2019/10/linux-sudo-run-as-root-flaw.html
> "Sudo Flaw Lets Linux Users Run Commands As Root Even When They're Restricted" – https://thehackernews.com/2019/10/linux-sudo-run-as-root-flaw.html
First thought: Yikes!
Second thought…*man* I love being on a rolling release distro—the new sudo package is already in the #void repo
@codesections I hope so too. But all I need to do to find an example is to look at myself: I use Linux casually and on already restricted devices: chances are my installations are vulnerable due to configuration flaws.
@codesections @aeveltstra It's an odd setup where you can have this problem.
Generally I have seen sudo setups where:
* You don't care what the new user is
* You specify the one new user the command can be run as.
I think neither of those are vulnerable. Still, it's good to fix it.
@aeveltstra
> "Sudo Flaw Lets Linux Users Run Commands As Root Even When They're Restricted" – https://thehackernews.com/2019/10/linux-sudo-run-as-root-flaw.html
Third thought: turns out this vulnerability only occurred for configurations where users were allowed to `sudo` into *any* non-root user. (The vulnerability allowed them to also become root).
That seems like a bad idea anyway, so hopefully such configs were rare?
https://www.sudo.ws/alerts/minus_1_uid.html