How to expose the loophole of Sudo rights promotion in Linux 04/05 Update SLTechnology News&Howtos

How to expose the loophole of Sudo rights promotion in Linux

2025-04-05 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >

Shulou(Shulou.com)06/01 Report--

This article introduces how to expose Sudo rights loopholes in Linux, the content is very detailed, interested friends can refer to, hope to be helpful to you.

Sudo specifically refers to "super user". As a system command, it allows users to run programs or commands with special privileges without having to switch environments (typically running commands as root).

By default, in most Linux distributions (as shown in the screenshot), the ALL keyword in the RunAs specification file of / etc / sudoers allows all users in the admin or sudo group to run any command as any valid user on the system.

However, because privilege separation is one of the most basic security paradigms in Linux, administrators can configure sudoers files to define which users can run which commands.

In this way, the substrate restricts the user from running specific or any commands as root, and the vulnerability may also allow the user to bypass this security policy and take full control of the system.

Sudo developers said: "as long as the Runas specification explicitly prohibits root access and lists the ALL keyword first, users with sufficient sudo privileges can use it to run commands as root."

It is reported that the vulnerability was tracked and discovered by Joe Vennix of Apple's information security department (CVE-2019-14287). And to take advantage of this bug, just need Sudo User ID-1 or 4294967295.

This is because the function that converts the user ID to the user name mistook-1 (or invalid equivalent 4294967295) for 0, which happens to be the root user User ID.

In addition, because the User ID specified by the-u option does not exist in the password database, no PAM session module is running.

What is Linux system Linux is a free-to-use and free-spread UNIX-like operating system, is a POSIX-based multi-user, multi-task, multi-threaded and multi-CPU operating system, using Linux can run major Unix tools, applications and network protocols.

On how to expose Sudo rights loopholes in Linux to share here, I hope the above content can be of some help to you, can learn more knowledge. If you think the article is good, you can share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.