[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Sudo ... use or delete?

On 1/29/2021 4:57 PM, Antonio Russo wrote:

On 1/29/21 8:54 AM, john doe wrote:
In the case of sudo, you could deny the use of sudo by removing all
users from the sudoers file or by denying sudo access  explicitly in the
sudoers file.

Also, removing all users from the sudo group.

John Doe

As I understand it, this would not have protected against the recent local
privilege escalation bug in sudo.  If you're interested in improving
security, the desire is to reduce the total amount of privileged code on
the machine.

The bug you are referring to is already corrected (1).

1)  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3156

John Doe

Reply to: