Re: Sudo ... use or delete?

To: debian-user@lists.debian.org
Subject: Re: Sudo ... use or delete?
From: john doe <johndoe65534@mail.com>
Date: Fri, 29 Jan 2021 17:22:58 +0100
Message-id: <[🔎] 4cf5d083-1b05-bb9c-8807-54b5d098770b@mail.com>
In-reply-to: <[🔎] 418fb79f-822c-4ed9-b610-c276a561c7ac@aerusso.net>
References: <[🔎] 6c403b62-adc8-0c4f-9045-f8b892b1ebd2@sdi-baja.com> <[🔎] 878s8b68ue.fsf@iki.fi> <[🔎] e3c3f9f7-e97f-d943-ae10-4277798e67ca@mail.com> <[🔎] 418fb79f-822c-4ed9-b610-c276a561c7ac@aerusso.net>

On 1/29/2021 4:57 PM, Antonio Russo wrote:



On 1/29/21 8:54 AM, john doe wrote:

In the case of sudo, you could deny the use of sudo by removing all
users from the sudoers file or by denying sudo access  explicitly in the
sudoers file.


Also, removing all users from the sudo group.

--
John Doe


As I understand it, this would not have protected against the recent local
privilege escalation bug in sudo.  If you're interested in improving
security, the desire is to reduce the total amount of privileged code on
the machine.


The bug you are referring to is already corrected (1).

1)  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3156

--
John Doe

Reply to:

References:
- Sudo ... use or delete?
  - From: Peter Ehlert <peter@sdi-baja.com>
- Re: Sudo ... use or delete?
  - From: Teemu Likonen <tlikonen@iki.fi>
- Re: Sudo ... use or delete?
  - From: john doe <johndoe65534@mail.com>
- Re: Sudo ... use or delete?
  - From: Antonio Russo <aerusso@aerusso.net>

Prev by Date: Re: Sudo ... use or delete?
Next by Date: Re: problem with wget -O
Previous by thread: Re: Sudo ... use or delete?
Next by thread: Re: Sudo ... use or delete?
Index(es):
- Date
- Thread