@aeveltstra

> "Sudo Flaw Lets Linux Users Run Commands As Root Even When They're Restricted" – thehackernews.com/2019/10/linu

First thought: Yikes!

Second thought…*man* I love being on a rolling release distro—the new sudo package is already in the #void repo

@aeveltstra

> "Sudo Flaw Lets Linux Users Run Commands As Root Even When They're Restricted" – thehackernews.com/2019/10/linu

Third thought: turns out this vulnerability only occurred for configurations where users were allowed to `sudo` into *any* non-root user. (The vulnerability allowed them to also become root).

That seems like a bad idea anyway, so hopefully such configs were rare?

sudo.ws/alerts/minus_1_uid.htm

Follow

@codesections I hope so too. But all I need to do to find an example is to look at myself: I use Linux casually and on already restricted devices: chances are my installations are vulnerable due to configuration flaws.

Sign in to participate in the conversation
Mastodon

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!