Discussion in 'Article Discussion' started by bit-tech, 15 Oct 2019.
This is the first article I've read that explains under which situations it's actually exploitable except "It's WIDE OPEN!" everywhere else. Great investigating, G.
Does this affect the MacOS release of sudo?
My *understanding of it says yes and no, same as other Linux/Unix based systems, as normally only administrators can run sudo so someone would have had to have changed the default permissions on sudo.
If I've got that right then all credit to Mr H's explanation, if not then I'm stupid.
As far as I'm aware, yes - but with the proviso that, as on other platforms, you have to be deliberately running a really unusual non-standard configuration for it to be exploitable.
Kinda-sorta, yeah. There's a file called "sudoers" which holds the list of people who can run sudo and what accounts they can pretend to be. On a standard install of a single-user desktop system, that'll have one entry: your user account, with permissions letting you switch context to root so you can install software and stuff. If you add more users, they won't have a sudoers entry unless you give them one.
The exploit only works if the user attempting to exploit the vulnerability has the permission to switch context to any other user *except* root. Which would first need there to be more users than the user and root, so a vanishingly small number of desktops where people use user accounts properly instead of just sharing one account, and for there to be a reason they'd be allowed to access all other user accounts but not root.
Basically, the reason nobody found the flaw up until now is 'cos pretty much no system in the world is configured in the way it has to be configured to make it exploitable. Which isn't to say it's not a serious bug, 'cos it is, it's just not likely to be readily exploitable.
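The configuration described in the posts above (a sudoers entry that lets a user run commands as any account except root) can be audited for directly. The following is an added example, not code from the thread or the article: it assumes the standard sudoers Runas syntax, where such an entry is written as `(ALL, !root)` or `(ALL, !#0)`, and it uses constructed sample entries and hypothetical function names. It does not follow include directives, and it expands a `Runas_Alias` only when the alias is the whole Runas user list.

```python
import re

# Constructed sample sudoers content (not from the page); user names are made up.
SAMPLE_SUDOERS = """\
# single-user desktop default
alice   ALL=(ALL:ALL) ALL
Runas_Alias NOTROOT = ALL, !root
bob     ALL=(ALL, !root) /usr/bin/vi
carol   ALL=(NOTROOT) \\
        /usr/bin/id
dave    ALL=(www-data) /usr/bin/systemctl
"""

def _logical_lines(text):
    """Join backslash continuations and drop comments (a '#' not followed by a digit)."""
    joined = re.sub(r"\\\n", " ", text)
    for raw in joined.splitlines():
        line = re.sub(r"(^|\s)#(?![0-9]).*$", "", raw).strip()
        if line:
            yield line

def _is_all_but_root(members):
    """True when a Runas user list grants ALL and also negates root (by name or uid 0)."""
    names = [m.strip() for m in members.split(",")]
    return "ALL" in names and any(n in ("!root", "!#0") for n in names)

def find_all_but_root(text):
    """Return (user, runas_list) for each entry allowing any target user except root."""
    aliases, hits = {}, []
    lines = list(_logical_lines(text))
    for line in lines:
        m = re.match(r"Runas_Alias\s+(\w+)\s*=\s*(.+)$", line)
        if m:
            aliases[m.group(1)] = m.group(2)
    for line in lines:
        if re.match(r"(Defaults|\w+_Alias)\b", line):
            continue
        user = line.split()[0]
        for runas in re.findall(r"\(([^)]*)\)", line):
            users = runas.split(":")[0].strip()   # part before ':' is the user list
            users = aliases.get(users, users)     # expand a Runas_Alias if one is named
            if _is_all_but_root(users):
                hits.append((user, users))
    return hits

if __name__ == "__main__":
    for user, runas in find_all_but_root(SAMPLE_SUDOERS):
        print(f"{user}: may run as ({runas})")
```

On a real system the input would be the contents of the sudoers file and any files it includes, read with appropriate privileges; an empty result means no entry of this shape was found in the text supplied.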