Re: sudo and UNIXes

To: debian-user@lists.debian.org
Subject: Re: sudo and UNIXes
From: Reco <recoverym4n@gmail.com>
Date: Mon, 28 Oct 2013 18:34:19 +0400
Message-id: <[🔎] 20131028143416.GD23316@x101h>
In-reply-to: <[🔎] 526E6D10.5070402@gmail.com>
References: <[🔎] 5269D17C.6090504@optonline.net> <[🔎] 20131025183155.GB9627@hysteria.proulx.com> <[🔎] 20131025234110.478c8065ddd992139a38bc3e@gmail.com> <[🔎] CAOdo=SyHvrF=gPje83ryhjf+iyrLc6AqMTdHbJbJtfDFoWttBg@mail.gmail.com> <[🔎] 20131026011611.f2a1e103756681a7d0e858e0@gmail.com> <[🔎] CAOdo=SyowAJfhFf+4y-m52cew4OdCYHOG894yufXtGBnYXK3LA@mail.gmail.com> <[🔎] 20131027113150.5d165f99e540507a9892132f@gmail.com> <[🔎] 1b38nmdqfg.fsf@snowball.wb.pfeifferfamily.net> <[🔎] 20131028134702.GA23316@x101h> <[🔎] 526E6D10.5070402@gmail.com>

On Mon, Oct 28, 2013 at 03:56:32PM +0200, Lars Noodén wrote:
> On 10/28/2013 03:47 PM, Reco wrote:
> > On Sun, Oct 27, 2013 at 09:28:51PM -0600, Joe Pfeiffer wrote:
> [snip]
> >> You also have to add to the picture such a vulnerability, and I haven't
> >> noticed any.
> > 
> > If we're speaking of public vulnerabilities:
> > 
> > CVE-2010-0427.
> > CVE-2013-1775 (allows bypass sudoders modification to retain root
> > privileges).
> 
> CVE-2010-0427 may be the better example of the two, though it relies on
> a special configuration.
> 
> CVE-2013-1775 is a rather contrived case and needs physical access.  The
> general perception is that the game is over anyway when there is
> physical access.

Still, they are (hopefully fully fixed) vulnerabilities, and they allow
escalation to root, aren't they?

Reco

Reply to:

References:
- Re: audacity export wma format[1 more question]
  - From: Doug <dmcgarrett@optonline.net>
- Re: audacity export wma format[1 more question]
  - From: Bob Proulx <bob@proulx.com>
- Re: sudo and UNIXes (was: audacity export wma format[1 more question])
  - From: recoverym4n@gmail.com
- Re: sudo and UNIXes (was: audacity export wma format[1 more question])
  - From: Tom H <tomh0665@gmail.com>
- Re: sudo and UNIXes (was: audacity export wma format[1 more question])
  - From: Reco <recoverym4n@gmail.com>
- Re: sudo and UNIXes (was: audacity export wma format[1 more question])
  - From: Tom H <tomh0665@gmail.com>
- Re: sudo and UNIXes (was: audacity export wma format[1 more question])
  - From: Reco <recoverym4n@gmail.com>
- Re: sudo and UNIXes
  - From: Joe Pfeiffer <pfeiffer@cs.nmsu.edu>
- Re: sudo and UNIXes
  - From: Reco <recoverym4n@gmail.com>
- Re: sudo and UNIXes
  - From: Lars Noodén <lars.nooden@gmail.com>

Prev by Date: Re: sudo and UNIXes (was: audacity export wma format[1 more question])
Next by Date: Installation of Debian under MAC OS X Lion and Parallels Desktop 7
Previous by thread: Re: sudo and UNIXes
Next by thread: Re: sudo and UNIXes
Index(es):
- Date
- Thread