Linux security hole: Much sudo about nothing

Yes, the sudo command has a security bug. But, in the real world, it’s hard to see how it could be used against you.

There’s a lot of hubbub out there now about a security hole in the Unix/Linux family’s sudo command. Sudo is the command that enables normal users to run commands as if they were the root user, aka the system administrator. While this sudo security vulnerability is a real problem and needs patching, it’s not nearly as bad as some people make it out to be.

At first glance, the problem looks like a bad one. With it, a user who is allowed to use sudo to run commands as any other user, except root, can still use it to run root commands. For this to happen, several things must be set up just wrong. 

First, the sudo user group must give a user the right to use sudo but not the privilege of using it to run root commands. That can happen when you want a user to have the right to run specific commands that they wouldn’t normally be able to use. Next, sudo must be configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification.
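To check whether a system has the setup described above, the following added example (not code from the article or from the sudo project) scans sudoers text for rules whose Runas list contains ALL while excluding root by negation. The sample sudoers content and the function name `risky_runas_rules` are constructed for illustration, and Runas_Alias names are not expanded.

```python
import re

# Constructed sample sudoers text for this example (not taken from the article).
SAMPLE_SUDOERS = """\
Defaults env_reset
root   ALL=(ALL:ALL) ALL
alice  ALL=(ALL, !root) /usr/bin/vi
bob    ALL=(www-data) /usr/bin/systemctl restart nginx
%ops   ALL=(ALL,!root : ALL) NOPASSWD: \\
           /usr/bin/id
carol  ALL=(ALL) ALL
"""

RUNAS = re.compile(r"\(([^)]*)\)")
ROOT_EXCLUSIONS = {"!root", "!#0"}  # root excluded by name or by numeric uid


def risky_runas_rules(sudoers_text):
    """Return (who, runas_users) for rules that grant ALL run-as users
    while relying on a negation to keep root out."""
    findings = []
    # Join backslash-continued lines so each rule is a single string.
    joined = re.sub(r"\\\n\s*", " ", sudoers_text)
    for line in joined.splitlines():
        line = line.strip()
        # Skip blanks, comments and #include directives, and lines without a rule.
        if not line or line.startswith("#") or "=" not in line:
            continue
        # Skip Defaults settings and alias definitions.
        if re.match(r"(Defaults|\w+_Alias)\b", line):
            continue
        who = line.split()[0]
        spec = line.split("=", 1)[1]
        for match in RUNAS.finditer(spec):
            # "(users : groups)": only the user list matters here.
            user_part = match.group(1).split(":")[0]
            users = [u.replace(" ", "") for u in user_part.split(",")]
            if "ALL" in users and ROOT_EXCLUSIONS & set(users):
                findings.append((who, users))
    return findings


if __name__ == "__main__":
    for who, users in risky_runas_rules(SAMPLE_SUDOERS):
        print(f"{who}: Runas list {users} allows ALL but excludes root by negation")
```

To audit a real system, pass the function the contents of the sudoers file and of each file in its include directory.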

Read further on ZDnet
