
Serious flaw that lurked in sudo for 9 years hands over root privileges - vo2maxer
https://arstechnica.com/information-technology/2020/02/serious-flaw-that-lurked-in-sudo-for-9-years-finally-gets-a-patch/
======
DonHopkins
I posted this earlier about a terrible bug in the "passwd" program on Pyramid
OSx:

[https://news.ycombinator.com/item?id=15802533](https://news.ycombinator.com/item?id=15802533)

>Pyramid's OSx version of Unix (a dual-universe Unix supporting both 4.xBSD
and System V) [1] had a bug in the "passwd" program, such that if somebody
edited /etc/passwd with a text editor and introduced a blank line (say at the
end of the file, or anywhere), the next person who changed their password with
the setuid root passwd program would cause the blank line to be replaced by
"::0:0:::" (empty user name, empty password, uid 0, gid 0), which then let you
get a root shell with 'su ""', and log in as root by pressing the return key
to the Login: prompt. (Well it wasn't quite that simple. The email explains.)

(Continued in linked comment. It also includes a link to the story of how Pete
earned the nickname "Gymble Roulette" thanks to another fiasco with that same
flakey Pyramid 90x.)
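
An added example, not part of the comment above or the linked post: a small audit of passwd-format text that flags the conditions the quoted bug produced (a blank line, and an entry with an empty user name, empty password and uid 0). The function name, the issue strings and the sample data are assumptions made for illustration.

```python
# Added example: audit passwd-format text for the entries described above.
# SAMPLE is constructed for illustration; it is not taken from a real system.
SAMPLE = """\
root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin

alice:x:1000:1000:Alice:/home/alice:/bin/sh
::0:0:::
bob::1001:1001:Bob:/home/bob:/bin/sh
toor:x:0:0:alt root:/root:/bin/sh
"""


def audit_passwd(text):
    """Return (line_number, issue) tuples for suspicious passwd lines."""
    findings = []
    for n, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            # A blank line is what the buggy passwd program rewrote.
            findings.append((n, "blank line"))
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((n, "wrong field count"))
            continue
        name, passwd, uid = fields[0], fields[1], fields[2]
        if name == "":
            findings.append((n, "empty user name"))
        if passwd == "":
            # Empty second field means no password is required.
            findings.append((n, "empty password field"))
        if uid.isdigit() and int(uid) == 0 and name != "root":
            findings.append((n, "uid 0 on non-root account"))
    return findings


if __name__ == "__main__":
    import sys
    # With a path argument, audit that file; otherwise use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            text = fh.read()
    else:
        text = SAMPLE
    for n, issue in audit_passwd(text):
        print(f"line {n}: {issue}")
```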

------
Randor
Linux is Swiss cheese. Back when I had access to Vupen via a shared account
the commercial product exploits had an expiration date internally called EOL
(End of Life) when disclosure occurred. Interestingly the Linux exploits
appeared to be perpetual until public disclosure. Some of them were available
for over 3+ years. I always assumed it was because of some legal issues.
Nobody owns Linux so there is nobody to answer to.

