I need someone to try this on their LinuxMint machine and tell me if this is just my machine or if its a security bug.
run a command with sudo and then control-c without entering your password when asked for it. e.g.
:~$ sudo touch /root/thisshouldnotwork
when asked for your passwd, simply do <CTRL-C>
you may have to log out and back in or open a new terminal window to get a sudo password prompt.
The result that I got on my system was root access. I was able to do a "sudo -s" and then <CTRL-C> pass the password prompt. The system gave me a root shell anyway.
Somebody tell me is this my system or a bug in SUDO that seriously needs to be fixed.
Possible Security Flaw
Forum rules
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
-
Sapremias
Possible Security Flaw
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
-
McLovin
Re: Possible Security Flaw
it may just be yours, i just tried this and got the following
Code: Select all
sudo: pam_authenticate: Conversation error-
Sapremias
Re: Possible Security Flaw
Did find part of the problem was that you have to have authenticated at least once with sudo. The next time that it ask you for a password you can <CTRL-C> pass the prompt. I've tried this now on 3 different systems, one of which was a newly wiped and clean install with updates applied.