Sudo bug lets users who are allowed to run commands as another user run them as root instead
This sudo bug is either very serious or a complete non-issue depending on your use-case. Sudo is typically used to allow one user to run any command as root. However, some have specialized setups where one user is allowed to run one or two commands as other regular users, but not as root. The bug allows that user to run the commands they are allowed to run as other users as root as well, which typically means that a root shell is within reach.
GNU/Linux distributions typically come with a simple line in /etc/sudoers which says
%wheel ALL=(ALL) ALL
and that line makes it possible for users in the wheel group to run any command as root. Either a user is in the wheel group, where everything is allowed as root, or the user isn't. The sudo security issue assigned CVE-2019-14287 is completely irrelevant to those typical setups, which most GNU/Linux distributions have.
There are some who use the sudo command in more custom and specialized ways where CVE-2019-14287 may be a total security scandal: if one user is supposed to be able to run one command as other regular users, and only as other regular users, then this bug is a total security nightmare.
Consider this example /etc/sudoers configuration line:
yooa myhost = (ALL, !root) /usr/bin/ls
The above line allows yooa to run ls as any other regular user. The !root in the Runas list is there precisely so that it does not grant yooa the right to run ls as root (a plain (ALL) would already permit root). However, user yooa can do exactly that if the system has a sudo version prior to 1.8.28 installed. Sudo version 1.8.28, released on October 14th, 2019, is fine.
The trick yooa can use in this case is to run sudo with the -u parameter, which takes a user name or, with a # prefix, a numeric user ID (UID), and give it the invalid UID -1 as its argument. yooa could run:
sudo -u#-1 ls /root
and get a list of the files within the /root directory, which only root can read.
This trick works in sudo versions prior to 1.8.28 because of how sudo handles the requested ID and how the setresuid(2) and setreuid(2) system calls, which sudo uses to change user, treat -1: a user ID of -1 (or 4294967295, its unsigned 32-bit equivalent) means "do not change this ID". Since sudo itself runs with an effective UID of 0, the switch is a no-op and the command runs as root. The !root exclusion does not catch it either, because -1 is neither UID 0 nor a UID that exists in the password database, so sudo never matches the request against root. The result is the same whether -1 or 4294967295 is used as the argument. One detail worth knowing for anyone checking whether this was ever used on a system: sudo's own log records the target user of such a command as 4294967295 rather than root.
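The two halves of the bug, shown as an added example that is not code from the original article or from the sudo project: a lenient "#uid" parser of the kind sudo effectively had before 1.8.28 beside the strict one that rejects the -1 sentinel, and a call demonstrating that the kernel treats setreuid(-1, -1) as "change nothing". The helper names are hypothetical, and the code assumes a Linux system where uid_t is an unsigned 32-bit type. It runs safely as an ordinary user, whose credentials it cannot change.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>

/* Convert the numeric part of a "#<uid>" -u argument to a uid_t the way a
 * pre-1.8.28 sudo effectively did: any integer string is accepted and then
 * truncated to the unsigned uid_t. Returns 1 on success, 0 on a malformed
 * spec. Hypothetical helper for illustration, not sudo's own code. */
int parse_runas_uid_lenient(const char *spec, uid_t *out)
{
    char *end;
    long long v;

    if (spec == NULL || spec[0] != '#' || spec[1] == '\0')
        return 0;
    errno = 0;
    v = strtoll(spec + 1, &end, 10);
    if (errno != 0 || *end != '\0')
        return 0;
    *out = (uid_t)v;   /* "#-1" and "#4294967295" both become 0xffffffff */
    return 1;
}

/* Hardened variant: additionally reject (uid_t)-1, the "do not change"
 * sentinel of the set*uid() calls. Sudo 1.8.28 treats such a request as an
 * unknown user ID and refuses to run the command. */
int parse_runas_uid_strict(const char *spec, uid_t *out)
{
    uid_t u;

    if (!parse_runas_uid_lenient(spec, &u) || u == (uid_t)-1)
        return 0;
    *out = u;
    return 1;
}

/* Convenience for checks: the uid a spec parses to under the lenient rule,
 * as a long long, or -1 if it is rejected (valid uids are never negative). */
long long lenient_uid_value(const char *spec)
{
    uid_t u;
    return parse_runas_uid_lenient(spec, &u) ? (long long)u : -1LL;
}

/* The kernel side of the bug: setreuid(2) with -1 in both positions succeeds
 * and changes nothing, so a setuid-root program that "switched" to UID -1
 * simply stayed root. Returns the effective UID after the call, or (uid_t)-2
 * if the kernel refused the change. */
uid_t effective_uid_after_switch_to(uid_t target)
{
    if (setreuid(target, target) != 0)
        return (uid_t)-2;
    return geteuid();
}

int main(void)
{
    uid_t u = 0;
    const char *specs[] = { "#1000", "#-1", "#4294967295" };

    for (size_t i = 0; i < sizeof specs / sizeof specs[0]; i++) {
        int ok_lenient = parse_runas_uid_lenient(specs[i], &u);
        int ok_strict  = parse_runas_uid_strict(specs[i], &u);
        printf("%-12s lenient=%d (uid %lu)  strict=%d\n", specs[i],
               ok_lenient, (unsigned long)u, ok_strict);
    }
    printf("euid before: %lu\n", (unsigned long)geteuid());
    printf("euid after setreuid(-1, -1): %lu\n",
           (unsigned long)effective_uid_after_switch_to((uid_t)-1));
    return 0;
}
```

Running it as a normal user prints the same UID before and after the "switch" to -1: the call succeeds and leaves the process as it was. Inside a setuid-root sudo that process was root, which is the whole bug.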
You absolutely should upgrade to sudo version 1.8.28 (or newer) if you are using a setup where some user is supposed to be able to run some command as other users but not root. This bug, while serious for those few affected, is likely totally irrelevant to your configuration. You would know if you have specifically configured a setup where this is a potential problem.
It is important to note that there has to be a configuration line in /etc/sudoers which allows users to run commands as other users, but not as root, for this to be even remotely relevant. If there is no such /etc/sudoers configuration, and there isn't one unless you specifically set it up, then there's no problem. A quick way to check is sudo -l as the user in question, or to look for Runas specifications of the form (ALL, !root) in /etc/sudoers and the files under /etc/sudoers.d.
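A small audit for the two questions this article raises, which sudoers lines are of the affected shape and whether the installed sudo is 1.8.28 or newer, as an added example that is not part of the original article or of sudo itself. The parser is deliberately simpler than sudo's own (it looks only at the user part of a Runas list in parentheses), the function names are hypothetical, and the sudoers text is a constructed sample rather than a real configuration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>

/* Decide whether one sudoers line carries a Runas spec of the shape that
 * CVE-2019-14287 affects: "ALL" combined with an exclusion such as "!root"
 * or "!#0". Only the user part of the Runas list (before any ':') is
 * examined; comment and Defaults lines are ignored. Returns 1 or 0. */
int runas_is_all_with_exclusion(const char *line)
{
    const char *p = line, *open, *close;
    char spec[256], *tok, *save, *colon;
    int has_all = 0, has_exclusion = 0;
    size_t n;

    while (*p == ' ' || *p == '\t')
        p++;
    if (*p == '\0' || *p == '#' || strncmp(p, "Defaults", 8) == 0)
        return 0;
    open = strchr(p, '(');
    if (open == NULL)
        return 0;
    close = strchr(open, ')');
    if (close == NULL)
        return 0;
    n = (size_t)(close - open - 1);
    if (n >= sizeof spec)
        return 0;
    memcpy(spec, open + 1, n);
    spec[n] = '\0';
    if ((colon = strchr(spec, ':')) != NULL)
        *colon = '\0';                       /* drop the Runas group list */

    for (tok = strtok_r(spec, " \t,", &save); tok != NULL;
         tok = strtok_r(NULL, " \t,", &save)) {
        if (strcmp(tok, "ALL") == 0)
            has_all = 1;
        else if (tok[0] == '!')
            has_exclusion = 1;
    }
    return has_all && has_exclusion;
}

/* Scan a whole sudoers text, print every affected line, return the count. */
int audit_sudoers(const char *text)
{
    char buf[4096], *line, *save;
    int flagged = 0;

    strncpy(buf, text, sizeof buf - 1);
    buf[sizeof buf - 1] = '\0';
    for (line = strtok_r(buf, "\n", &save); line != NULL;
         line = strtok_r(NULL, "\n", &save)) {
        if (runas_is_all_with_exclusion(line)) {
            printf("affected by CVE-2019-14287 on sudo < 1.8.28: %s\n", line);
            flagged++;
        }
    }
    return flagged;
}

/* Parse the "X.Y.Z" part of the first line of `sudo -V` and report whether
 * it is 1.8.28 or newer. Suffixes such as "p1" are ignored. Returns -1 if
 * the string does not look like a sudo version line. */
int sudo_version_is_fixed(const char *version_line)
{
    int major, minor, patch;

    if (sscanf(version_line, "Sudo version %d.%d.%d", &major, &minor, &patch) != 3)
        return -1;
    if (major != 1) return major > 1;
    if (minor != 8) return minor > 8;
    return patch >= 28;
}

/* Constructed sample, not a real /etc/sudoers. */
static const char *SAMPLE_SUDOERS =
    "# constructed sample\n"
    "Defaults env_reset\n"
    "%wheel ALL=(ALL) ALL\n"
    "yooa myhost = (ALL, !root) /usr/bin/ls\n"
    "bob ALL = (alice, carol) /usr/bin/vi\n"
    "ops ALL = (ALL : ALL) NOPASSWD: /usr/bin/systemctl\n"
    "deploy ALL=(ALL,!#0) /usr/local/bin/deploy\n";

int main(void)
{
    int n = audit_sudoers(SAMPLE_SUDOERS);
    printf("%d affected line(s)\n", n);
    printf("1.8.27 fixed? %d\n", sudo_version_is_fixed("Sudo version 1.8.27"));
    printf("1.8.28 fixed? %d\n", sudo_version_is_fixed("Sudo version 1.8.28"));
    return 0;
}
```

On the sample only the yooa and deploy lines are flagged: the wheel line grants root outright, the bob line names specific users so a uid of -1 never matches, and the ops line has no exclusion. Lines that pass the check are only a problem when sudo_version_is_fixed() on the output of sudo -V returns 0.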