[sudo-users] sudo 1.7.4p5 security fix; question...

highc at stny.rr.com highc at stny.rr.com
Wed Jan 19 13:42:53 EST 2011

I'm trying to determine if my team is exposed to the security concern 
fixed in 1.7.4p5, described as follows:

"A potential security issue exists in the handling of sudo's -g command 
line option when -u is not specified. Affected sudo versions are 1.7.0 
through 1.7.4p4. The flaw may allow a user to run commands as a group 
without being prompted for a password."

It is my expectation, there is no exposure if a team has not yet 
implemented a 'group' run as; for instance, if all of the 'run as' 
entries, the following would not trigger an exposure:
dgb  boulder = (opuid) /bin/ls, (root) /bin/kill, /usr/bin/lprm

While this second version would:

dgb  boulder = (opuid : opgrp ) /bin/ls, (root) /bin/kill, /usr/bin/lprm

Further, even if the second version were used, if NOPASSWD were coded 
with it, there would be no additional exposure?


More information about the sudo-users mailing list