[sudo-users] sudo 1.7.4p5 security fix; question...

Todd C. Miller Todd.Miller at courtesan.com
Wed Jan 19 14:46:16 EST 2011


On Wed, 19 Jan 2011 13:42:53 EST, highc at stny.rr.com wrote:

> It is my expectation, there is no exposure if a team has not yet 
> implemented a 'group' run as; for instance, if all of the 'run as' 
> entries, the following would not trigger an exposure:
> dgb  boulder = (opuid) /bin/ls, (root) /bin/kill, /usr/bin/lprm
> 
> While this second version would:
> 
> dgb  boulder = (opuid : opgrp ) /bin/ls, (root) /bin/kill, /usr/bin/lprm
> 
> Further, even if the second version were used, if NOPASSWD were coded 
> with it, there would be no additional exposure?

That is correct.  The bug only affects entries with a runas group
where authentication is required.  There is no actual privilege
escalation.

 - todd
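
An added example, not part of the original message or of sudo itself: a simplified Python check that lists the sudoers commands matching the condition in the reply above (a runas group in effect and authentication still required). The function names and sample entries are constructed here. It assumes one host list per entry and does not expand aliases, follow #include, or read Defaults such as !authenticate.

```python
import re

# Constructed sample: the two entries from the question plus tag/continuation variants.
SAMPLE_SUDOERS = """\
# constructed sample, not a real policy
dgb  boulder = (opuid) /bin/ls, (root) /bin/kill, /usr/bin/lprm
dgb  boulder = (opuid : opgrp ) /bin/ls, (root) /bin/kill, /usr/bin/lprm
dgb  boulder = (opuid : opgrp) NOPASSWD: /bin/ls, PASSWD: /bin/kill
dgb  boulder = (: opgrp) \\
    /usr/bin/lprm
"""

SKIP_RE = re.compile(r"^(#|Defaults|(User|Runas|Host|Cmnd)_Alias\b)")
SPEC_RE = re.compile(
    r"^(?:\((?P<runas>[^)]*)\))?\s*(?P<tags>(?:[A-Z_]+:\s*)*)(?P<cmd>.*)$", re.S)


def split_specs(text):
    """Split a Cmnd_Spec_List on commas that are outside (...) and not escaped."""
    parts, cur, depth, prev = [], [], 0, ""
    for ch in text:
        depth += (ch == "(") - (ch == ")")
        if ch == "," and depth == 0 and prev != "\\":
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
        prev = ch
    parts.append("".join(cur).strip())
    return [p for p in parts if p]


def runas_group_with_auth(sudoers_text):
    """Return (user_host, runas_group, command) for every command that runs
    with a runas group while a password is still required."""
    hits = []
    for line in re.sub(r"\\\n", " ", sudoers_text).splitlines():  # join continuations
        line = line.strip()
        if not line or SKIP_RE.match(line) or "=" not in line:
            continue
        lhs, spec_list = line.split("=", 1)
        group, need_pw = "", True  # sudo authenticates unless told otherwise
        for spec in split_specs(spec_list):
            m = SPEC_RE.match(spec)
            if m.group("runas") is not None:  # a new Runas_Spec replaces the old one
                group = m.group("runas").partition(":")[2].strip()
            for tag in re.findall(r"[A-Z_]+", m.group("tags")):  # tags carry forward
                need_pw = {"NOPASSWD": False, "PASSWD": True}.get(tag, need_pw)
            if group and need_pw:
                hits.append((" ".join(lhs.split()), group, m.group("cmd").strip()))
    return hits
```

Calling runas_group_with_auth(SAMPLE_SUDOERS) reports only the commands where a group is set and no NOPASSWD tag applies; the first sample entry, which has no runas group, produces nothing.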


