[sudo-users] sudo 1.7.4p5 security fix; question...
Todd C. Miller
Todd.Miller at courtesan.com
Wed Jan 19 14:46:16 EST 2011

On Wed, 19 Jan 2011 13:42:53 EST, highc at stny.rr.com wrote:
> It is my expectation, there is no exposure if a team has not yet
> implemented a 'group' run as; for instance, if all of the 'run as'
> entries, the following would not trigger an exposure:
> dgb boulder = (opuid) /bin/ls, (root) /bin/kill, /usr/bin/lprm
>
> While this second version would:
>
> dgb boulder = (opuid : opgrp ) /bin/ls, (root) /bin/kill, /usr/bin/lprm
>
> Further, even if the second version were used, if NOPASSWD were coded
> with it, there would be no additional exposure?

That is correct. The bug only affects entries with a runas group
where authentication is required. There is no actual privilege
escalation.

 - todd
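
An added example, not part of the original message and not code from the sudo project: a small audit helper that lists the commands in a sudoers user spec which have a runas group and still require authentication, the condition described in the reply above. The names affected_commands and audit are hypothetical, and the parser assumes one user spec per line with no aliases, Defaults overrides or line continuations.

```python
import re

# Leading Runas_Spec "(user : group)"; group 2 is the runas group, if any.
RUNAS = re.compile(r'^\(\s*([^):]*?)\s*(?::\s*([^)]*?)\s*)?\)\s*')
TAG = re.compile(r'^([A-Z_]+)\s*:\s*')   # a tag such as "NOPASSWD:"
SPLIT = re.compile(r',(?![^(]*\))')      # commas outside parentheses

def affected_commands(line):
    """Return (command, runas_group) pairs on one user spec that have a
    runas group and still require authentication."""
    line = line.strip()
    if line.startswith(('#', 'Defaults')) or '=' not in line:
        return []
    hits, group, nopasswd = [], None, False
    for item in SPLIT.split(line.split('=', 1)[1]):
        item = item.strip()
        m = RUNAS.match(item)
        if m:                            # a new Runas_Spec replaces the previous one
            group = m.group(2) or None
            item = item[m.end():]
        while (t := TAG.match(item)):    # tags carry over until the opposite tag
            if t.group(1) in ('NOPASSWD', 'PASSWD'):
                nopasswd = t.group(1) == 'NOPASSWD'
            item = item[t.end():]
        if item and group and not nopasswd:
            hits.append((item, group))
    return hits

# Constructed input: the two entries quoted in the thread, then two made-up variants.
SAMPLE = [
    "dgb boulder = (opuid) /bin/ls, (root) /bin/kill, /usr/bin/lprm",
    "dgb boulder = (opuid : opgrp ) /bin/ls, (root) /bin/kill, /usr/bin/lprm",
    "dgb boulder = (opuid : opgrp) NOPASSWD: /bin/ls",
    "dgb boulder = (opuid : opgrp) NOPASSWD: /bin/ls, PASSWD: /bin/kill",
]

def audit(lines):
    """Map 1-based line number to the affected commands found on that line."""
    return {n: h for n, l in enumerate(lines, 1) if (h := affected_commands(l))}

if __name__ == '__main__':
    for n, hits in audit(SAMPLE).items():
        for cmd, grp in hits:
            print(f"line {n}: {cmd} runs with group {grp} and requires a password")
```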