
News Sudo utility hit by permission bypass vulnerability

Discussion in 'Article Discussion' started by bit-tech, 15 Oct 2019.

  1. bit-tech

    bit-tech Supreme Overlord Staff Administrator

    Read more
     
    Corky42 likes this.
  2. yuusou

    yuusou Well-Known Member

    This is the first article I've read that explains under which situations it's actually exploitable except "It's WIDE OPEN!" everywhere else. Great investigating, G.

    Does this affect the macOS release of sudo?
     
    Corky42 likes this.
  3. Corky42

    Corky42 Where's walle?

    My *understanding of it says yes and no, same as other Linux/Unix-based systems, as normally only administrators can run sudo, so someone would have had to have changed the default permissions on sudo.

    *Rather limited.

    If I've got that right then all credit to Mr H's explanation, if not then I'm stupid. :)
     
  4. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

    Ta!
    As far as I'm aware, yes - but with the proviso that, as on other platforms, you have to be deliberately running a really unusual non-standard configuration for it to be exploitable.
    Kinda-sorta, yeah. There's a file called "sudoers" which holds the list of people who can run sudo and what accounts they can pretend to be. On a standard install of a single-user desktop system, that'll have one entry: your user account, with permissions letting you switch context to root so you can install software and stuff. If you add more users, they won't have a sudoers entry unless you give them one.

    The exploit only works if the user attempting to exploit the vulnerability has the permission to switch context to any other user *except* root. Which would first need there to be more users than the user and root, so a vanishingly small number of desktops where people use user accounts properly instead of just sharing one account, and for there to be a reason they'd be allowed to access all other user accounts but not root.

    Basically, the reason nobody found the flaw up until now is 'cos pretty much no system in the world is configured in the way it has to be configured to make it exploitable. Which isn't to say it's not a serious bug, 'cos it is, it's just not likely to be readily exploitable.
     
    Corky42 likes this.
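
The configuration described in the post above (a sudoers rule that lets a user run commands as any account except root) can be searched for directly. The following Python script is an added example, not code from the article or from anyone in this thread; the sample sudoers text and the function names are constructed for illustration, and aliases are assumed not to need expanding.

```python
import re

# Constructed sample sudoers content (not from any real host).
SAMPLE_SUDOERS = """\
# typical single-user desktop entry
alice   ALL=(ALL:ALL) ALL
bob     build01 = (ALL, !root) /usr/bin/vi
carol   ALL=(ALL, \\
             !#0) /usr/bin/id
dave    ALL=(www-data) /usr/bin/systemctl   # (ALL, !root) in a comment
%ops    ALL=(root) /usr/sbin/service
"""

# '#' starts a comment unless it introduces a uid (#0) or an #include directive.
COMMENT = re.compile(r"(^|\s)#(?!\d|include).*$")
RUNAS = re.compile(r"\(([^)]*)\)")   # the "(users : groups)" part of a rule
ROOT_NAMES = {"root", "#0"}


def logical_lines(text):
    """Join backslash continuations; yield (first_line_no, joined_text)."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        start = start or no
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        yield start, buf + raw
        buf, start = "", None


def find_all_but_root_rules(text):
    """Return (line_no, rule) for rules whose run-as list is ALL minus root."""
    # Assumption: aliases are not expanded; pass included files separately.
    findings = []
    for no, line in logical_lines(text):
        line = COMMENT.sub("", line).strip()
        if "=" not in line or re.match(r"(Defaults|#include|\w+_Alias\b)", line):
            continue
        for m in RUNAS.finditer(line.split("=", 1)[1]):
            users = [u.strip() for u in m.group(1).split(":")[0].split(",")]
            no_root = any(u[:1] == "!" and u[1:].strip() in ROOT_NAMES for u in users)
            if "ALL" in users and no_root:
                findings.append((no, line))
                break
    return findings
```

To audit a host, pass the function the text of /etc/sudoers and of each file under /etc/sudoers.d, read with sufficient privileges; on the sample it reports the bob and carol rules only.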