Possible Security Flaw

Questions about other topics - please check if your question fits better in another category before posting here
Forum rules
Before you post please read how to get help
Post Reply
Sapremias

Possible Security Flaw

Post by Sapremias »

I need someone to try this on their LinuxMint machine and tell me if this is just my machine or if its a security bug.

run a command with sudo and then control-c without entering your password when asked for it. e.g.

:~$ sudo touch /root/thisshouldnotwork

when asked for your passwd, simply do <CTRL-C>

you may have to log out and back in or open a new terminal window to get a sudo password prompt.

The result that I got on my system was root access. I was able to do a "sudo -s" and then <CTRL-C> pass the password prompt. The system gave me a root shell anyway.

Somebody tell me is this my system or a bug in SUDO that seriously needs to be fixed.

McLovin

Re: Possible Security Flaw

Post by McLovin »

it may just be yours, i just tried this and got the following

Code: Select all

sudo: pam_authenticate: Conversation error

Sapremias

Re: Possible Security Flaw

Post by Sapremias »

Did find part of the problem was that you have to have authenticated at least once with sudo. The next time that it ask you for a password you can <CTRL-C> pass the prompt. I've tried this now on 3 different systems, one of which was a newly wiped and clean install with updates applied.

Post Reply

Return to “Other topics”