Heap-based buffer overflow in sudo:

- exploitable by any local user (even non-sudoers)
- introduced in July 2011
- affects default configuration

re LB: oh well, it's not like it's a commonly used piece of software that ostensibly increases security... ;-/

Daily Reminder:
doas is a lightweight and simpler alternative tool that can replace sudo.

@fribbledom Okay, when will sudo get audits for existing code and all changes?

@fribbledom Am I reading that right? Only if sudo is run in shell mode with -s or -i options is this vulnerability exploitable?

@acciomath @fribbledom don't write C kids...
People can't write C, demonstrated lots of times by now.

This is why safer languages exist....

@acciomath @fribbledom

Computer, make me a sandwich that can outthink Data.

> Permission denied

sudo make me a sandwich that can outthink Data.


I know! D:
I just saw the debian mailing list and almost freaked out..but then I remembered why I don't trust user-mode programs to be safe..

Haven't people always been able to just edit ~/.bashrc and put a line that adds some random folder to PATH ahead of /usr/bin with their own trojan version of "sudo"? (Or any other command?)

#sudo #sudo2021

@fribbledom sudo made me a sandwich and it did not report the incident.

How can I test if I have a vulnerable version?
To test if a system is vulnerable or not, login to the system as a non-root user.
Run command “sudoedit -s /”
If the system is vulnerable, it will respond with an error that starts with “sudoedit:”
If the system is patched, it will respond with an error that starts with “usage:”
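
The check described in the post above, wrapped as a script. This is an added example, not part of the thread; the function names, exit codes, the `--run` switch and the `LC_ALL=C` setting are assumptions of this example.

```shell
#!/bin/sh
# Classify the output of `sudoedit -s /` by the two prefixes named in the post:
# "sudoedit:" means vulnerable, "usage:" means patched.

classify_sudoedit_output() {
    # $1: captured stdout+stderr of the command; only the first line is judged.
    first_line=$(printf '%s\n' "$1" | sed -n '1p')
    case "$first_line" in
        "sudoedit:"*) echo vulnerable ;;
        "usage:"*)    echo patched ;;
        *)            echo inconclusive ;;   # e.g. shell error, empty output
    esac
}

check_sudoedit() {
    # The post says to run the test as a non-root user.
    if [ "$(id -u)" -eq 0 ]; then
        echo "run this check as a non-root user" >&2
        return 2
    fi
    if ! command -v sudoedit >/dev/null 2>&1; then
        echo "sudoedit not found in PATH" >&2
        return 2
    fi
    # Assumption: LC_ALL=C keeps messages untranslated so the prefixes match.
    out=$(LC_ALL=C sudoedit -s / 2>&1 </dev/null)
    verdict=$(classify_sudoedit_output "$out")
    echo "$(hostname): $verdict"
    case "$verdict" in
        patched)    return 0 ;;
        vulnerable) return 1 ;;
        *)          return 3 ;;
    esac
}

# Only touch sudoedit when explicitly asked: sh check.sh --run
if [ "${1:-}" = "--run" ]; then
    check_sudoedit
    exit $?
fi
```

An `inconclusive` result means the first line matched neither prefix, so the installed sudo package version should be compared against the distribution's advisory instead.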
