
Sudo: CVE-2019-14287 – Fascinating reminder that security is hard - stevekemp
https://www.openwall.com/lists/oss-security/2019/10/14/1
======
sir_eliah
Very interesting! I'm just reading the commit that fixes this to understand
what exactly went wrong.
[https://www.sudo.ws/repos/sudo/rev/83db8dba09e7](https://www.sudo.ws/repos/sudo/rev/83db8dba09e7)

------
NKosmatos
This is not good... Haven't tried it yet, but it's a big security hole in
"sudo". Patch up your Linux systems now!

------
tidus1
tried it on my centos and ubuntu systems... doesn't work

:/

~~~
alethiophile
It only works if you've got a specific, somewhat unlikely configuration. You
need to have ALL in the user specifier, but not root (or else it's not a vuln,
just a bug). So

> username ALL=(ALL, !root) ALL

would be vulnerable; this is trying to let username run commands as any other
user _except_ root, but using this vuln the user can get around it.

You can duplicate it by running (as a user with sudo ALL privileges) `sudo
-u#-1 id`; it'll show 0, for root.

