Linux sudo command bug could give any user root access

Swa said:
It's common knowledge. I didn't say it was a severe defect but it's not a good practice if you want a secure system. Linux even with flaws is more secure because of the underlying architecture. Windows you don't even need a sudo command to do anything from any account because the architectural safeguards to prevent programs escaping their address space is simply not implemented.
Click to expand...

It's embarrassing how little you know about this.

If what you say was true, no government on Earth would use it.

I suggest you learn a little more about privileges in Windows and how they work.
 
Hanno Labuschagne said:

Linux sudo command bug could give any user root access

Researchers from Qualys have disclosed a vulnerability in the sudo utility that could be exploited to grant system administrator privileges to any user that is logged into a system.

Dubbed Baron Samedit (CVE-2021-3156), Qualys recommended that users apply patches for the vulnerability immediately.

The developers of sudo were informed about the security flaw on 13 January and the bug was patched on 19 January — a week before it was publicly disclosed.
Click to expand...
>sudo rm Hanno
 
Ancalagon said:
It's embarrassing how little you know about this.

If what you say was true, no government on Earth would use it.

I suggest you learn a little more about privileges in Windows and how they work.
Click to expand...
LOL, the privileges in Windows aren't bottom up but top down, you can get by most of them by changing a few settings. And it's also not implemented on the architectural level. Security is primarily based on preventing access to outside parties and not protecting yourself from your employees and wherever it is of critical concern additional measures are usually used to prevent windows itself from having access to privileged information.
 
Swa said:
LOL, the privileges in Windows aren't bottom up but top down, you can get by most of them by changing a few settings. And it's also not implemented on the architectural level. Security is primarily based on preventing access to outside parties and not protecting yourself from your employees and wherever it is of critical concern additional measures are usually used to prevent windows itself from having access to privileged information.
Click to expand...

Please tell the Russians this. They spend a lot of money every year trying to hack into the Americans. Imagine how much money you could save Russia! No need for expensive programmers developing complicated exploits - just change a few settings!

Putin would give you a medal.
 
Ancalagon said:
Please tell the Russians this. They spend a lot of money every year trying to hack into the Americans. Imagine how much money you could save Russia! No need for expensive programmers developing complicated exploits - just change a few settings!

Putin would give you a medal.
Click to expand...
What are you on about? You clearly don't understand the difference between an outside party trying to gain virtual access to a system and an inside party already having physical access.
 
Swa said:
What are you on about? You clearly don't understand the difference between an outside party trying to gain virtual access to a system and an inside party already having physical access.
Click to expand...

No, I do understand pretty well.

You are saying that once someone has physical access to a Windows machine, they can do what they like to it, even if they do not know the password for any of the local administrator accounts.

I am inviting you to think more clearly about the consequences for this, since it would mean that Windows security is not worth a damn. If that were true, do you really think that governments around the world would allow it to be used?

What you are describing is privilege escalation - a category of security flaws. You are saying that, as long as one has physical access to a Windows machine, that all of the privilege escalation safeguards go out the window.

I am asking you to use your brain and realise the absurdity of this.
 
Ancalagon said:
No, I do understand pretty well.

You are saying that once someone has physical access to a Windows machine, they can do what they like to it, even if they do not know the password for any of the local administrator accounts.

I am inviting you to think more clearly about the consequences for this, since it would mean that Windows security is not worth a damn. If that were true, do you really think that governments around the world would allow it to be used?

What you are describing is privilege escalation - a category of security flaws. You are saying that, as long as one has physical access to a Windows machine, that all of the privilege escalation safeguards go out the window.

I am asking you to use your brain and realise the absurdity of this.
Click to expand...
Yet they can. What's absurd is that Windows was programmed like this when the tools were available. If this wasn't the case then how do you think tools can work that let you view and edit memory? Windows was not designed for security, that's a fact. Any security is simply an afterthought. And no competent government department that cares about security relies primarily on Windows to provide security. So the idea isn't as absurd as you might think.
 
Swa said:
Yet they can. What's absurd is that Windows was programmed like this when the tools were available. If this wasn't the case then how do you think tools can work that let you view and edit memory? Windows was not designed for security, that's a fact. Any security is simply an afterthought. And no competent government department that cares about security relies primarily on Windows to provide security. So the idea isn't as absurd as you might think.
Click to expand...
What tools let you view and edit memory? To view kernel memory or other processes memory one usually had to install a kernel debugger server that required admin rights or change boot options for remote kernel debugging (also admin rights).
 
Last edited:
Ancalagon said:
No, I do understand pretty well.

You are saying that once someone has physical access to a Windows machine, they can do what they like to it, even if they do not know the password for any of the local administrator accounts.

I am inviting you to think more clearly about the consequences for this, since it would mean that Windows security is not worth a damn. If that were true, do you really think that governments around the world would allow it to be used?

What you are describing is privilege escalation - a category of security flaws. You are saying that, as long as one has physical access to a Windows machine, that all of the privilege escalation safeguards go out the window.

I am asking you to use your brain and realise the absurdity of this.
Click to expand...
That's pretty much true for any system regardless of OS, physical access is everything, once you have it, it's pretty much game over.
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X