Sudo Flaw Lets Linux Users Run Commands As Root Even When They're Restricted

Attention Linux Users! A new vulnerability has been discovered in Sudo—one of the most important, powerful, and commonly used utilities that comes as a core command installed on almost every UNIX and Linux-based operating system. The vulnerability in question is a sudo security policy bypass issue that could allow a malicious user or a program to execute arbitrary commands as root on a targeted Li

[inductor]

今日の一番の学び「sudoコマンドには公式キャラクターがおり、食パンマンのキモい版みたいな見た目をしている。」 ref: https://www.sudo.ws/

[atsushifx]

sudoersで制限していてもrootとしてコマンドが実行できる脆弱性が見つかったと。useridが-1のときにuserid=0、つまりrootとして処理をしてしまうらしい

[akulog]

えっ…

[rin51]

suはsubstitute userなのにsudoはsuperuserなのか >Sudo, stands for "superuser do,"

[S64]

うお、この脆弱性けっこういやだな

[takeda25]

すごい

[krrrr]

“exploited by an attacker to run commands as root just by specifying the user ID "-1" or "4294967295."”