Re: sudo and UNIXes

To: debian-user@lists.debian.org
Subject: Re: sudo and UNIXes
From: Reco <recoverym4n@gmail.com>
Date: Mon, 28 Oct 2013 22:11:53 +0400
Message-id: <[🔎] 20131028181130.GB29376@x101h>
In-reply-to: <[🔎] 1bvc0hcqqo.fsf@snowball.wb.pfeifferfamily.net>
References: <[🔎] 5269D17C.6090504@optonline.net> <[🔎] 20131025183155.GB9627@hysteria.proulx.com> <[🔎] 20131025234110.478c8065ddd992139a38bc3e@gmail.com> <[🔎] CAOdo=SyHvrF=gPje83ryhjf+iyrLc6AqMTdHbJbJtfDFoWttBg@mail.gmail.com> <[🔎] 20131026011611.f2a1e103756681a7d0e858e0@gmail.com> <[🔎] CAOdo=SyowAJfhFf+4y-m52cew4OdCYHOG894yufXtGBnYXK3LA@mail.gmail.com> <[🔎] 20131027113150.5d165f99e540507a9892132f@gmail.com> <[🔎] 1b38nmdqfg.fsf@snowball.wb.pfeifferfamily.net> <[🔎] 20131028134702.GA23316@x101h> <[🔎] 1bvc0hcqqo.fsf@snowball.wb.pfeifferfamily.net>

On Mon, Oct 28, 2013 at 10:19:43AM -0600, Joe Pfeiffer wrote:
> Reco <recoverym4n@gmail.com> writes:
> >> You also have to add to the picture such a vulnerability, and I haven't
> >> noticed any.
> >
> > If we're speaking of public vulnerabilities:
> >
> > CVE-2010-0427.
> 
> Does not permit users outside of those in the sudoers file (or with the
> root password) to escalate privileges.

Lessens attack surface, but doesn't void the existence of vulnerability.

> 
> > CVE-2013-1775 (allows bypass sudoders modification to retain root
> > privileges).
> 
> Again -- isn't "basically equivalent to giving everyone uid=0."  Permits
> someone who *has* sudo access to avoid retyping a password.

Not only that. Permits someone who already has sudo access to continue
having such access indefinitely, ignoring being excluded from sudoers
altogether.

Reco

Reply to:

References:
- Re: audacity export wma format[1 more question]
  - From: Doug <dmcgarrett@optonline.net>
- Re: audacity export wma format[1 more question]
  - From: Bob Proulx <bob@proulx.com>
- Re: sudo and UNIXes (was: audacity export wma format[1 more question])
  - From: recoverym4n@gmail.com
- Re: sudo and UNIXes (was: audacity export wma format[1 more question])
  - From: Tom H <tomh0665@gmail.com>
- Re: sudo and UNIXes (was: audacity export wma format[1 more question])
  - From: Reco <recoverym4n@gmail.com>
- Re: sudo and UNIXes (was: audacity export wma format[1 more question])
  - From: Tom H <tomh0665@gmail.com>
- Re: sudo and UNIXes (was: audacity export wma format[1 more question])
  - From: Reco <recoverym4n@gmail.com>
- Re: sudo and UNIXes
  - From: Joe Pfeiffer <pfeiffer@cs.nmsu.edu>
- Re: sudo and UNIXes
  - From: Reco <recoverym4n@gmail.com>
- Re: sudo and UNIXes
  - From: Joe Pfeiffer <pfeiffer@cs.nmsu.edu>

Prev by Date: Re: local repo
Next by Date: Re: sudo and UNIXes (was: audacity export wma format[1 more question])
Previous by thread: Re: sudo and UNIXes
Next by thread: Re: sudo and UNIXes (was: audacity export wma format[1 more question])
Index(es):
- Date
- Thread