
Buffer overflow in sudo


BU508A:
There is a buffer overflow in sudo. I recommend updating it to the newest version.

https://www.sudo.ws/alerts/unescape_overflow.html
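
Added here as an example, not part of BU508A's post or of the sudo project's own code: a POSIX sh check that parses the output of sudo --version and reports whether the installed build predates a fixed release. The fixed release number is left as a placeholder (FIXED_SUDO_VERSION) to be taken from the linked advisory, and the function names and the version strings used below are my own constructions.

```shell
# Added example, not code from the thread. FIXED_SUDO_VERSION is a placeholder the
# reader fills in from the linked advisory; nothing here asserts a particular number.

# Print "older", "same" or "newer", describing version $1 relative to version $2.
# Versions look like "1.8.31" or "1.9.5p2"; the "pN" patch level is treated as a
# fourth numeric field and missing fields count as 0, so "1.9.5" < "1.9.5p1".
sudo_version_cmp() {
    a=$(printf '%s\n' "$1" | sed 's/p/./')
    b=$(printf '%s\n' "$2" | sed 's/p/./')
    i=1
    while [ "$i" -le 4 ]; do
        x=$(printf '%s\n' "$a" | cut -d. -f"$i")
        y=$(printf '%s\n' "$b" | cut -d. -f"$i")
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then echo older; return 0; fi
        if [ "$x" -gt "$y" ]; then echo newer; return 0; fi
        i=$((i + 1))
    done
    echo same
}

# Extract the version from the first line of `sudo --version` output,
# e.g. "Sudo version 1.8.31" -> "1.8.31". Prints nothing if unrecognised.
sudo_version_from_output() {
    printf '%s\n' "$1" | sed -n '1s/^Sudo version \([0-9][0-9.p]*\).*/\1/p'
}

# $1: captured `sudo --version` output, $2: first fixed release.
# Exit 0 if the installed sudo is older than the fix (update needed),
# 1 if it is not, 2 if the output could not be parsed.
sudo_needs_update() {
    installed=$(sudo_version_from_output "$1")
    [ -n "$installed" ] || return 2
    [ "$(sudo_version_cmp "$installed" "$2")" = older ]
}

# Usage on the local host; skipped rather than guessed when the placeholder is unset.
if [ -z "${FIXED_SUDO_VERSION:-}" ]; then
    echo "set FIXED_SUDO_VERSION to the fixed release named in the sudo advisory" >&2
elif command -v sudo >/dev/null 2>&1; then
    out=$(sudo --version 2>/dev/null)
    if sudo_needs_update "$out" "$FIXED_SUDO_VERSION"; then
        echo "sudo $(sudo_version_from_output "$out") is older than $FIXED_SUDO_VERSION: update it"
    elif [ -z "$(sudo_version_from_output "$out")" ]; then
        echo "could not parse sudo --version output" >&2
    else
        echo "sudo $(sudo_version_from_output "$out") is not older than $FIXED_SUDO_VERSION"
    fi
fi
```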

Ed.Kloonk:

--- Quote from: BU508A on January 27, 2021, 03:25:05 pm ---There is a buffer overflow in sudo. I recommend updating it to the newest version.

https://www.sudo.ws/alerts/unescape_overflow.html

--- End quote ---

Or 'do' yourself a favor and run doas instead.

doas gives you root access without all the bloat that is in sudo that has features only for permission maniacs.

Halcyon:
Why bother changing to a whole new way of doing things when the problem has been fixed?

Ed.Kloonk:

--- Quote from: Halcyon on February 04, 2021, 01:36:38 am ---Why bother changing to a whole new way of doing things when the problem has been fixed?

--- End quote ---

Most people just want to elevate to root. Both progs can do it but doas doesn't contain all the bloat that sudo does.

Nominal Animal:

--- Quote from: Ed.Kloonk on February 04, 2021, 02:41:22 am ---
--- Quote from: Halcyon on February 04, 2021, 01:36:38 am ---Why bother changing to a whole new way of doing things when the problem has been fixed?

--- End quote ---
Most people just want to elevate to root. Both progs can do it but doas doesn't contain all the bloat that sudo does.

--- End quote ---
It's good for there to be more than one way, and doas has been designed to do almost all that sudo does.  "Just elevate to root" is how many end users use it, but its true purpose is to switch between differently-privileged user accounts.

Unfortunately, it hasn't been packaged for Debian or Debian derivatives yet, and actually needs a bit of work to work with Linux PAM.  Fortunately, OpenDoas seems to be progressing nicely, although I haven't pored through the code myself.

(I've done quite a bit of work wrt. privilege separation via sudo, filesystem capabilities in Linux, and Apache SuEXEC mechanism.  They are rather large hammers for things that often could be done better (more securely and robustly) via other ways...  Just don't get me started on the assumptions of the Apache SuEXEC mechanism and how it propagates a nonsensical view of proper privilege separation for web services.)
