
CVE-2017-1000367 in Sudo's get_process_ttyname() for Linux - miduil
http://www.openwall.com/lists/oss-security/2017/05/30/16
======
mitchtbaum
For those interested in a Rust lang rewrite (only a week old even), see
[https://github.com/shawnanastasio/rudo](https://github.com/shawnanastasio/rudo)
and some reviews at
[https://www.reddit.com/r/rust/comments/6d5smn/rudo_a_toy_sud...](https://www.reddit.com/r/rust/comments/6d5smn/rudo_a_toy_sudo_clone_written_in_rust_xpost/)

~~~
jzwinck
Not really relevant. The main bug being discussed is a text parsing bug
related to syntax, not memory access errors or the like. Rust seems cool and
all but it isn't immune to logical errors.

------
IshKebab
> Unfortunately, these fields are space-separated and field 2 (comm, the
> filename of the command) can contain spaces

Well that's embarrassing. Text-based formats don't look so great now do they?
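
The parsing problem quoted above, as an added example that is not part of this thread or of sudo's source: two ways to read field 7 (tty_nr, per proc(5)) from a /proc/[pid]/stat line, one counting spaces from the start and one counting from the last ')' that closes comm. The function names and both sample lines are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Naive: treat the line as space-separated and skip six spaces to reach
 * field 7. A space inside comm (field 2) shifts every later field, so the
 * value returned is no longer the kernel's tty_nr. */
long tty_nr_naive(const char *line)
{
    const char *p = line;
    int field;

    for (field = 1; field < 7; field++) {
        p = strchr(p, ' ');
        if (p == NULL)
            return -1;
        p++;
    }
    return strtol(p, NULL, 10);
}

/* Robust: comm is wrapped in parentheses, so skip to the LAST ')' and
 * parse from there: state, ppid, pgrp, session, tty_nr (fields 3 to 7). */
long tty_nr_robust(const char *line)
{
    const char *p = strrchr(line, ')');
    char state;
    long ppid, pgrp, session, tty_nr;

    if (p == NULL)
        return -1;
    if (sscanf(p + 1, " %c %ld %ld %ld %ld",
               &state, &ppid, &pgrp, &session, &tty_nr) != 5)
        return -1;
    return tty_nr;
}

/* Constructed sample lines, cut off after field 8; not captured output. */
static const char *PLAIN  = "4242 (sleep) S 4000 4242 4000 34816 4242";
static const char *SPACED = "4242 (a b 1 2 3 99 x) S 4000 4242 4000 34816 4242";

int main(void)
{
    printf("plain : naive=%ld robust=%ld\n", tty_nr_naive(PLAIN), tty_nr_robust(PLAIN));
    printf("spaced: naive=%ld robust=%ld\n", tty_nr_naive(SPACED), tty_nr_robust(SPACED));
    return 0;
}
```

On the second line the space-counting parser returns a number taken from inside the command name, while the parser anchored on the last ')' returns the same tty_nr for both lines.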

------
ryanlol
This bug is not a very big deal, it can only be exploited by users that
already have sudo access. The publicity it's receiving is mostly undeserved.

~~~
wyldfire
Sudo can be configured to grant very limited access to specific users, to run
specific programs, run as privileged-but-not-superuser, etc. [1]

[1]
[https://www.sudo.ws/man/1.8.15/sudoers.man.html](https://www.sudo.ws/man/1.8.15/sudoers.man.html)

~~~
ryanlol
I'm aware, but in the end that's a relatively uncommon configuration, and
would still usually require the user's password, increasing difficulty of
exploitation even further.

Not only that, but in my experience people tend to screw up these setups most
of the time allowing easy root shells without sudo vulns.

~~~
wyldfire
> usually require the user's password, increasing difficulty of exploitation
> even further.

Unless the user themselves is the perpetrator. They know their own password
and the superuser believes that the system restrictions will grant them only
the limited access that they specified.

~~~
ryanlol
I think at this point we've established just how few people this bug impacts.

~~~
wyldfire
I will concede that it's not time to panic, but it's a security bug and one
that we know about. Let's continue to keep the bar high for successful
exploits.

