Re: sudo and UNIXes

To: debian-user@lists.debian.org
Subject: Re: sudo and UNIXes
From: Reco <recoverym4n@gmail.com>
Date: Mon, 28 Oct 2013 17:47:03 +0400
Message-id: <[🔎] 20131028134702.GA23316@x101h>
In-reply-to: <[🔎] 1b38nmdqfg.fsf@snowball.wb.pfeifferfamily.net>
References: <[🔎] 1382614959.670.2.camel@archlinux> <[🔎] 20131025012648.GA28581@hysteria.proulx.com> <[🔎] 5269D17C.6090504@optonline.net> <[🔎] 20131025183155.GB9627@hysteria.proulx.com> <[🔎] 20131025234110.478c8065ddd992139a38bc3e@gmail.com> <[🔎] CAOdo=SyHvrF=gPje83ryhjf+iyrLc6AqMTdHbJbJtfDFoWttBg@mail.gmail.com> <[🔎] 20131026011611.f2a1e103756681a7d0e858e0@gmail.com> <[🔎] CAOdo=SyowAJfhFf+4y-m52cew4OdCYHOG894yufXtGBnYXK3LA@mail.gmail.com> <[🔎] 20131027113150.5d165f99e540507a9892132f@gmail.com> <[🔎] 1b38nmdqfg.fsf@snowball.wb.pfeifferfamily.net>

On Sun, Oct 27, 2013 at 09:28:51PM -0600, Joe Pfeiffer wrote:
> Reco <recoverym4n@gmail.com> writes:
> > True, you need to add to the picture that curious user who just read on
> > Bugtraq or Full Disclosure about fresh vulnerability in sudo. Or that
> > disgruntled user who needs /etc/system changed right here and now. Or
> > that developer who needs to do this 'small change, nobody will notice'
> > on a production server.
> > And if you don't have such people there - good for you, as here we can
> > always find such person here.
> 
> You also have to add to the picture such a vulnerability, and I haven't
> noticed any.

If we're speaking of public vulnerabilities:

CVE-2010-0427.
CVE-2013-1775 (allows bypass sudoders modification to retain root
privileges).

I have no knowledge about private 0days.

Reco

Reply to:

Follow-Ups:
- Re: sudo and UNIXes
  - From: Lars Noodén <lars.nooden@gmail.com>
- Re: sudo and UNIXes
  - From: Joe Pfeiffer <pfeiffer@cs.nmsu.edu>

References:
- Re: audacity export wma format[1 more question]
  - From: Ralf Mardorf <ralf.mardorf@alice-dsl.net>
- Re: audacity export wma format[1 more question]
  - From: Bob Proulx <bob@proulx.com>
- Re: audacity export wma format[1 more question]
  - From: Doug <dmcgarrett@optonline.net>
- Re: audacity export wma format[1 more question]
  - From: Bob Proulx <bob@proulx.com>
- Re: sudo and UNIXes (was: audacity export wma format[1 more question])
  - From: recoverym4n@gmail.com
- Re: sudo and UNIXes (was: audacity export wma format[1 more question])
  - From: Tom H <tomh0665@gmail.com>
- Re: sudo and UNIXes (was: audacity export wma format[1 more question])
  - From: Reco <recoverym4n@gmail.com>
- Re: sudo and UNIXes (was: audacity export wma format[1 more question])
  - From: Tom H <tomh0665@gmail.com>
- Re: sudo and UNIXes (was: audacity export wma format[1 more question])
  - From: Reco <recoverym4n@gmail.com>
- Re: sudo and UNIXes
  - From: Joe Pfeiffer <pfeiffer@cs.nmsu.edu>

Prev by Date: Re: sudo and UNIXes (was: audacity export wma format[1 more question])
Next by Date: Re: sudo and UNIXes (was: audacity export wma format[1 more question])
Previous by thread: Re: sudo and UNIXes
Next by thread: Re: sudo and UNIXes
Index(es):
- Date
- Thread