[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian package manager privilege escalation attack

On Thu, Aug 12, 2021 at 01:19:23PM +0000, Holger Levsen wrote:
> On Thu, Aug 12, 2021 at 01:12:37AM -0500, Brian Thompson wrote:
> > Would you agree that there is an issue with sudo access that is enabled
> > by default on most Debian and Debian-based distributions? The bug may
> > not be in apt, but it definitely lives somewhere.
> 
> if those users are not trustworthy than the bug is giving them sudo,
> nothing else. (Debian does not give sudo to users by default. The default
> is to set a root password.)

Well, if you choose not to enter a root password, then the installed
system will have sudo with a "the user created at install time can run
everything as root through sudo" configuration, which essentially is the
same thing.

-- 
     w@uter.{be,co.za}
wouter@{grep.be,fosdem.org,debian.org}
Reply to: