AW SNAP! One of the most important commands in Linux contained a rather nasty security flaw that could have let malicious types gain root access to the operating system.
The bug, which has since been squashed by developers, was found in the sudo command that is used by developers to carry out tasks and run stuff with elevated privileges.
Sudo only enables this if users of the command have the right permissions to do so on a Linux machine or know the root user's password.
The nature of the bug, discovered by Apple researcher Joe Vennix, stems from how Linux assigns user IDs. Normally, a user is given a unique ID (UID) number, which can be used instead of a username when using sudo commands.
But Vennix found that the use of -1 or 4294967295 UID in a sudo command allowed root access - albeit after completing a few steps in sudo - even if the UID number was forbidden from having such access.
From there a malicious user could get up to all sorts of machine borking and cyber nastiness.
But as dangerous as this bug might have seemed, anyone wishing to exploit it would need to have command line control over a Linux system, which isn't enabled by default. So such an attack would have had to come from an insider with knowledge of particularly vulnerable machines, not that any real-world exploits of the now-dead bug have been recorded.
Linux users with an updated sudo package - version 1.8.28 or later - need not worry about the bug. And those that aren't on that version or newer might want to get updating their systems.
Nevertheless, having such a powerful bug in a powerful command is certainly eyebrow-raising.
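For admins who want to check where they stand, here is an added example (not code from the sudo project or from the original article) that compares version strings in the form `sudo -V` prints against the 1.8.28 threshold and flags numeric UID values that are the same as -1 once wrapped to 32 bits. The host names, version strings, UID list and function names are constructed for illustration, and 32-bit UIDs are assumed.

```python
import re

FIXED = (1, 8, 28, 0)    # first fixed release named in the article: 1.8.28
UID_MASK = 0xFFFFFFFF    # assumption: 32-bit unsigned UIDs, as on Linux

def parse_sudo_version(text):
    """Return (major, minor, micro, patch) from text such as 'Sudo version 1.8.21p2'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?", text)
    if not m:
        raise ValueError(f"no sudo version found in {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def is_patched(text):
    """True when the reported version is 1.8.28 or later."""
    return parse_sudo_version(text) >= FIXED

def is_minus_one_uid(value):
    """True when a numeric UID string equals -1 after wrapping to 32 bits."""
    try:
        n = int(value, 10)
    except ValueError:
        return False  # a user name rather than a number
    return (n & UID_MASK) == UID_MASK

def audit(inventory, requested_uids):
    """Return (hosts still below 1.8.28, UID strings that wrap to -1)."""
    stale = sorted(h for h, v in inventory.items() if not is_patched(v))
    odd = [u for u in requested_uids if is_minus_one_uid(u)]
    return stale, odd

# Constructed sample data: host names, version strings and UID values are made up.
SAMPLE_INVENTORY = {
    "build01": "Sudo version 1.8.21p2",
    "web02": "Sudo version 1.8.27",
    "db03": "Sudo version 1.8.28",
    "dev04": "Sudo version 1.9.5p2",
}
SAMPLE_UIDS = ["1000", "-1", "alice", "4294967295", "0"]

if __name__ == "__main__":
    stale, odd = audit(SAMPLE_INVENTORY, SAMPLE_UIDS)
    print("update sudo on:", ", ".join(stale))
    print("UID values equivalent to -1:", ", ".join(odd))
```

Distribution packages sometimes backport a fix without changing the upstream version number, so a host flagged here should be checked against the vendor's advisory before it is treated as exposed.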