Sudo Flaw Lets Linux Users Run Commands As Root Even When They're Restricted

Discussion in 'all things UNIX' started by guest, Oct 14, 2019.

  1. guest

    guest Guest

    Sudo Flaw Lets Linux Users Run Commands As Root Even When They're Restricted
    October 14, 2019
    https://thehackernews.com/2019/10/linux-sudo-run-as-root-flaw.html
    Sudo: Potential bypass of Runas user restrictions
     
  2. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,887
    Location:
    Stockholm Sweden
    Kubuntu patched it yesterday.
     
  3. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Huh, I'm almost sure that I've seen this before. Quite some time ago. Months, at least.

    But whatever. Debian doesn't install sudo by default. And as I recall, never has.
     
  4. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
    So did Arch Linux, of course ;)
     
  5. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
    Here's an article from The Register that sorts things out:

     
  6. guest

    guest Guest

    Buffer Overflow In Older Sudo Versions Could Be Used To Get Root On Elementary, Linux Mint
    February 2, 2020
    https://linuxreviews.org/Buffer_Ove...Be_Used_To_Get_Root_On_Elementary,_Linux_Mint
     
  7. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    2,001
    Location:
    Member state of European Union
    Yet again flaw in sudo? No wonder OpenBSD written and replaced it with doas command.
     
  8. chrisretusn

    chrisretusn Registered Member

    Joined:
    Jun 16, 2004
    Posts:
    1,668
    Location:
    Philippines
    I don't view this as a serious flaw, while pwfeedback is a default setting in some Linux distributions, it is not the default for upstream or in Slackware. That and for Slackware64-cuurent at least, has been on 1.8.27 since Jan 2019. Slackware is now on 1.8.31.
     
  9. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Debian doesn't use sudo, by default. Just su.
     
  10. Compu KTed

    Compu KTed Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,411
    Have sudo version 1.8.21p2
    Says user may run the following commands on xxxxx...
    (ALL : ALL) ALL
    (root) NOPASSWD: /usr/lib/linuxmint/mintUpdate/checkAPT.py
     
  11. guest

    guest Guest

    Ubuntu-based elementary OS 5.1.2 Hera update fixes dangerous Linux sudo bug
    February 9, 2020
    https://betanews.com/2020/02/09/elementary-os-sudo-linux/
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.