@aeveltstra

> "Sudo Flaw Lets Linux Users Run Commands As Root Even When They're Restricted" – thehackernews.com/2019/10/linu

First thought: Yikes!

Second thought…*man* I love being on a rolling release distro—the new sudo package is already in the #void repo

@aeveltstra

> "Sudo Flaw Lets Linux Users Run Commands As Root Even When They're Restricted" – thehackernews.com/2019/10/linu

Third thought: turns out this vulnerability only occurred for configurations where users were allowed to `sudo` into *any* non-root user. (The vulnerability allowed them to also become root).

That seems like a bad idea anyway, so hopefully such configs were rare?

sudo.ws/alerts/minus_1_uid.htm

Follow

@codesections @aeveltstra It's an odd setup where you can have this problem.

Generally I have seen sudo setups where:
* You don't care what the new user is
* You specify the one new user the command can be run as.

I think neither of those are vulnerable. Still, it's good to fix it.

Sign in to participate in the conversation
Mastodon on Dropbear

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!