One of Linux’s most important commands had a glaring security flaw

One of Linux’s most important commands had a glaring security flaw
Advertisements

The quirk revolved around sudo’s treatment of user IDs. If you typed the command with a user ID of -1 or its unsigned equivalent 4294967295, it would treat you as if you had root access (user ID 0) even as it recorded the actual user ID in the log. The user I…
Read More