{"id":323374,"date":"2019-10-16T10:17:42","date_gmt":"2019-10-16T08:17:42","guid":{"rendered":"https:\/\/mybroadband.co.za\/news\/?p=323374"},"modified":"2019-10-16T17:05:53","modified_gmt":"2019-10-16T15:05:53","slug":"big-security-flaw-in-linux-sudo-command","status":"publish","type":"post","link":"https:\/\/mybroadband.co.za\/news\/security\/323374-big-security-flaw-in-linux-sudo-command.html","title":{"rendered":"Big security flaw in Linux sudo command"},"content":{"rendered":"<p>Apple security researcher Joe Vennix has <strong><a href=\"https:\/\/www.sudo.ws\/alerts\/minus_1_uid.html\" target=\"_blank\" rel=\"noopener noreferrer\">found<\/a><\/strong> a security bug in the important &#8220;sudo&#8221; command in Linux.<\/p>\n<p>The sudo command, which is short for \u201csuper user do\u201d, is widely used in various Linux distributions to separate administrator-level permissions from ordinary system users.<\/p>\n<p>When installing programs, for instance, you would typically use the sudo command. 
Using sudo in front of any command or program causes it to be run as the administrator, or \u201croot\u201d user.<\/p>\n<p>The bug that Vennix discovered allows a user to bypass restrictions on which programs they are allowed to run as the root user.<\/p>\n<p>While this is a significant vulnerability, Bleeping Computer <strong><a href=\"https:\/\/www.bleepingcomputer.com\/news\/linux\/linux-sudo-bug-lets-you-run-commands-as-root-most-installs-unaffected\/\" target=\"_blank\" rel=\"noopener noreferrer\">notes in its report<\/a><\/strong> that most Linux systems will be unaffected by the bug.<\/p>\n<p><a href=\"https:\/\/xkcd.com\/149\/\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-large\" src=\"https:\/\/imgs.xkcd.com\/comics\/sandwich.png\" alt=\"Proper User Policy apparently means Simon Says\" width=\"360\" height=\"299\" \/><\/a><\/p>\n<h3 class=\"my-4\">Bypassing restrictions on sudo<\/h3>\n<p>The sudo command uses a special configuration file called \u201csudoers\u201d, in which system administrators can set which programs any given user may run as root.<\/p>\n<p>If a user is restricted from using sudo on certain programs, they can bypass the restriction using the bug Vennix discovered.<\/p>\n<p>This is done by passing an unexpected user ID to the sudo command.<\/p>\n<p>In addition to running commands as \u201croot\u201d, sudo may also be used to run commands as any other user on the system, provided you have permission to do so.<\/p>\n<p>Each user on the system is given a unique numeric ID in addition to a name. For example, the root user usually has an ID of 0. 
If I create a new user called &#8220;mybroadband&#8221;, it is common practice for it to get an ID of 1000 or larger.<\/p>\n<p>Simply put, <strong>sudo -u#1000 whoami<\/strong> will cause the program called &#8220;whoami&#8221; to be run as the user whose ID is 1000.<\/p>\n<p>If you want to run the program as \u201croot\u201d, you could just leave off the user ID parameter and use <strong>sudo whoami<\/strong>. However, if the \u201csudoers\u201d file blocks you from running a program as root, you will receive an error.<\/p>\n<p>The bug Vennix discovered lets you bypass such restrictions by passing the user ID of -1 or 4294967295 to the sudo command, as follows: <strong>sudo -u#-1 whoami<\/strong>.<\/p>\n<p>Version 1.8.28 of sudo fixes this bug.<\/p>\n<p><a href=\"https:\/\/xkcd.com\/838\/\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-large\" src=\"https:\/\/imgs.xkcd.com\/comics\/incident.png\" alt=\"He sees you when you're sleeping, he knows when you're awake, he's copied on \/var\/spool\/mail\/root, so be good for goodness' sake.\" width=\"695\" height=\"309\" \/><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Apple security researcher Joe Vennix has found a security bug in the important sudo command in 
Linux.<\/p>\n","protected":false},"author":15,"featured_media":317171,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[605,61402,1799],"class_list":["post-323374","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-apple","tag-joe-vennix","tag-linux"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/323374"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/15"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=323374"}],"version-history":[{"count":1,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/323374\/revisions"}],"predecessor-version":[{"id":323504,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/323374\/revisions\/323504"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/317171"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=323374"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=323374"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=323374"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}