@aeveltstra

> "Sudo Flaw Lets Linux Users Run Commands As Root Even When They're Restricted" – thehackernews.com/2019/10/linu

First thought: Yikes!

Second thought…*man* I love being on a rolling release distro—the new sudo package is already in the repo

@aeveltstra

> "Sudo Flaw Lets Linux Users Run Commands As Root Even When They're Restricted" – thehackernews.com/2019/10/linu

Third thought: turns out this vulnerability only occurred for configurations where users were allowed to `sudo` into *any* non-root user. (The vulnerability allowed them to also become root).

That seems like a bad idea anyway, so hopefully such configs were rare?

sudo.ws/alerts/minus_1_uid.htm

@codesections I hope so too. But all I need to do to find an example is to look at myself: I use Linux casually and on already restricted devices: chances are my installations are vulnerable due to configuration flaws.

@codesections @aeveltstra It's an odd setup where you can have this problem.

Generally I have seen sudo setups where:
* You don't care what the new user is
* You specify the one new user the command can be run as.

I think neither of those is vulnerable. Still, it's good to fix it.
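
The configuration shapes discussed in this thread can be told apart mechanically. The sketch below is an added example, not code from any of the posters or from the sudo project: it classifies sudoers rules by their Runas user list and flags the "any user except root" form. The sample rules, function names and category labels are constructed for illustration, and the parser assumes one rule per line with no alias expansion.

```python
import re

# Runas part of a sudoers rule:  user host = (runas_users : runas_groups) commands
RUNAS_RE = re.compile(r"=\s*\(([^)]*)\)")
ROOT_NEGATIONS = {"!root", "!#0"}  # root excluded by name or by uid

# Constructed sample rules, not taken from any real system.
SAMPLE = """\
# constructed sample sudoers lines
Defaults env_reset
alice ALL = (ALL) ALL
bob myhost = (ALL, !root) /usr/bin/vi
carol ALL = (www-data) /usr/bin/systemctl restart nginx
dave ALL = (ALL, !#0 : ALL) /usr/bin/id
erin ALL = /usr/bin/apt
"""

def classify_runas(line):
    """Classify one sudoers rule by the users it may run commands as."""
    s = line.strip()
    # Simplification: any line starting with '#' is treated as a comment,
    # and Defaults / *_Alias lines are not rules, so all of these are skipped.
    if not s or s[0] == "#" or s.startswith("Defaults") or "_Alias" in s.split(None, 1)[0]:
        return "skip"
    m = RUNAS_RE.search(s)
    if m is None:
        return "default-runas"  # no Runas list: the command runs as root
    # Keep only the user list (text before an optional ':' group list).
    users = [u.strip() for u in m.group(1).split(":", 1)[0].split(",") if u.strip()]
    if "ALL" in users and ROOT_NEGATIONS & set(users):
        return "all-except-root"  # the shape the advisory is about
    if "ALL" in users:
        return "any-user"  # "you don't care what the new user is"
    if len(users) == 1 and not users[0].startswith("!"):
        return "single-user"  # "the one new user the command can be run as"
    return "user-list"

def audit(text):
    """Return (line_number, rule) for every 'any user except root' rule."""
    return [(n, l.strip()) for n, l in enumerate(text.splitlines(), 1)
            if classify_runas(l) == "all-except-root"]

if __name__ == "__main__":
    for n, rule in audit(SAMPLE):
        print(f"line {n}: review Runas list -> {rule}")
```

A flagged rule is the case to review on hosts that have not yet received the updated sudo package mentioned at the top of the thread.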
