X10 Community Forum

💬General Category => Mac/Linux & Open Source and the X10 Home => Raspberry Pi, Arduino & other SBC => Topic started by: dhouston on October 14, 2019, 08:07:16 PM

Title: sudo security flaw
Post by: dhouston on October 14, 2019, 08:07:16 PM

https://www.engadget.com/2019/10/14/linux-unix-sudo-command-security-flaw/ (https://www.engadget.com/2019/10/14/linux-unix-sudo-command-security-flaw/)

Title: Re: sudo security flaw
Post by: bkenobi on October 15, 2019, 11:20:13 AM

I have not tried this on my own systems and any sudo request is logged at work so I'm not going to try it there.  But, I find it hard to believe that this bug could have lived potentially close to 40 years (developed in the 1980's originally).

Title: Re: sudo security flaw
Post by: Tuicemen on October 16, 2019, 08:48:43 AM

As the artical states

Quote

any attacker will need to have command line control over your system before they can even consider exploiting the flaw -- at that point, you probably have larger problems

With command line access having additional restrictions isn't going to stop a hacker from screwing with your setup if they wish to do so.

Title: Re: sudo security flaw
Post by: petera on October 16, 2019, 11:37:13 AM

Storm in a teacup. Headline grabber really. Matter has already been resolved and really only related to non standard Linux installs. Having full understanding of Linux hierarchy and file structures helps to avoid a situation like this and updating your distribution regularly tends to help too.

https://www.google.ie/amp/s/www.theregister.co.uk/AMP/2019/10/14/linux_sudo_security_bug/