Linux security hole: Much sudo about nothing

Nothing to see here, move along…:

[…] As the sudo manual points out, “using ALL can be dangerous since in a command context, it allows the user to run any command on the system.” In all my decades of working with Linux and Unix, I have never known anyone to set up sudo with ALL.

That said, if you do have such an inherently broken system, it’s then possible to run commands as root by specifying the user ID -1 or 4294967295. Thus, if the ALL keyword is listed first in the Runas specification, an otherwise restricted sudo user can then run root commands.

Scary? Not really. It’s pretty much a useless vulnerability. It won’t mess you over if you have a fouled up sudo installation and the attacker is already a sudo user.


Original Article