Linux security hole: Much sudo about nothing
There's a lot of hubbub out there now about a security hole in the Unix/Linux family's sudo command. Sudo is the command that enables normal users to run commands as if they were the root user, aka the system administrator. While this sudo security vulnerability is a real problem and needs patching, it's not nearly as bad as some people make it out to be.
At first glance the problem looks like a bad one. With it, a user who is allowed to use sudo to run commands as any other user, except root, can still use it to run root commands. For this to happen, several things must be set up just wrong.
First, the sudo user group must give a user the right to use sudo but not the privilege of using it to run root commands. That can happen when you want a user to have the right to run specific commands that they wouldn't normally be able to use. Next, sudo must be configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification.
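An added example, not part of the original article or of the sudo project: a small Python audit that finds sudoers rules matching the configuration described above, where the Runas list grants ALL but excludes root. The `!root` / `!#0` negation forms, the sample entries and the function names are assumptions made for illustration; aliases and included files are not expanded.

```python
import re

# Constructed sample sudoers text for illustration; not taken from a real host.
SAMPLE_SUDOERS = """\
# constructed sample
alice  ALL = (ALL, !root) /usr/bin/vi
bob    ALL = (ALL) ALL
carol  ALL = (www-data) /usr/bin/systemctl restart httpd
%ops   ALL = (ALL, \\
              !root : adm) NOPASSWD: /usr/bin/id
dave   ALL = /usr/bin/less /var/log/syslog
"""

RUNAS = re.compile(r"\(([^)]*)\)")   # each "(users : groups)" Runas spec
ROOT_NAMES = {"root", "#0"}          # root excluded by name or by uid

def join_continuations(text):
    """Yield (first_line_number, logical_line) with backslash continuations merged."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = n
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        yield start, buf + raw
        buf, start = "", None

def find_all_except_root(text):
    """Return [(line, who, runas_users)] for rules granting ALL users but negating root."""
    hits = []
    for n, line in join_continuations(text):
        line = line.strip()
        # Comments and Defaults lines carry no Runas grant (assumption: no aliases used).
        if not line or line.startswith("#") or line.startswith("Defaults"):
            continue
        who = line.split()[0]
        for spec in RUNAS.findall(line):
            # Only the user list (before ':') matters; the group list is ignored.
            users = [u.strip() for u in spec.split(":")[0].split(",") if u.strip()]
            negated = {u[1:].strip() for u in users if u.startswith("!")}
            if "ALL" in users and negated & ROOT_NAMES:
                hits.append((n, who, users))
    return hits

if __name__ == "__main__":
    for n, who, users in find_all_except_root(SAMPLE_SUDOERS):
        print(f"line {n}: {who} may run as {users}; root exclusion relies on a patched sudo")
```

Rules like bob's `(ALL) ALL` are not reported because they already grant root, so there is no restriction to bypass.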
Potential bypass of Runas user restrictions
Linux Sudo bug opens root access to unauthorized users
More Sudo Coverage
One of Linux's most important commands had a glaring security flaw
Sudo Vulnerability
Linux/Unix exploit allows some restricted commands to be run as root without clearance
Big security flaw in Linux sudo command
Security Flaw in Sudo allows Users to Run Commands on Linux Systems
'Serious' Linux Sudo Bug's Damage Potential Actually May Be Small
Linux Sudo Bug Lets Non-Privileged Users To Run Commands As Root
More Linux Bug
Linux Sudo bug could allow hackers root access
Linux Wi-Fi bug leaves systems vulnerable to forced crashes and full control by hackers
Four-Year-Old Critical Linux Wi-Fi Bug Allows System Compromise
"Driver checks whether the card is currently connected in p2p"
This Week In Security: A Digital Café Américain, The Linux Bugs That Weren't, The Great Nation, And More
A Linux Bug Can Be Exploited To Hack Systems Using Wi-Fi Signals
Unpaired Linux bug can open devices for serious attacks via Wi-Fi
Patch Awaited For A Critical Four-Year-Old Linux WiFi Vulnerability
Linux Could Open The Door To Serious Attacks Over Wifi Signals
More of this FUD
Linux Could Open The Door To Serious Attacks Over Wifi Signals [Ed: This FUD came from a Microsoft employee and was initially spread by a site where Microsoft employed convicted people to attack Linux and FOSS. This is false; it’s FUD. Nobody enables P2P mode. Almost nobody.]