Shulou(Shulou.com)06/01 Report--

This article mainly introduces how to upgrade the version of sudo in linux, has a certain reference value, interested friends can refer to, I hope you can learn a lot after reading this article, the following let the editor take you to understand it.

Cause:

The full name of Sudo is "superuserdo". It is a Linux system management instruction that allows users to run applications or commands with the privileges of other users without switching environments, usually as root users, to reduce login and management time for root users and improve security. The vulnerability is an sudo security policy bypass issue that can cause a malicious user or program to execute arbitrary commands as root on the target Linux system, even if the root access is explicitly prohibited by "sudoers configuration".

Vulnerability details

The CVE number of the vulnerability is CVE-2019-14287, which was discovered and analyzed by Joe Vennix, a researcher in Apple's information security department. It is more interesting than scary: it requires a non-standard configuration of the system. In other words, Linux computers are not vulnerable by default. However, if your configuration is to allow users to run commands with privileges other than root, you may need to pay attention: because users can bypass this non-root restriction through-uplink 1 on the command line. If sudo is configured to allow users to run commands as any user through the ALL keyword in the Runas specification, you can run commands as root by specifying user ID as-1 or 4294967295. As long as the ALL keyword is listed first in the Runas specification, even if the Runas specification explicitly forbids root access, users with sufficient sudo permissions can run commands as root. The log entry for a command that runs in this manner lists the target user as 4294967295 instead of root. In addition, the PAM session module will not be run for the command. Specifically: exploiting this vulnerability requires the user to have sudo privileges to run commands as arbitrary user ID. In general, this means that the user's sudoers entry has a special value of ALL in the Runas specification. Sudo supports running commands under a user-specified name or user ID as permitted by the sudoers policy.

Upgrade begins:

1. Check the initial version: [root@yunrong_test ~] # sudo-- version

two。 Download the latest installation package (1.8.28) wget http://www.sudo.ws/dist/sudo-1.8.28p1.tar.gz

3. Compile

4. Install [root@localhost sudo-1.8.28p1] # make install & & ln-sfv libsudo_util.so.0.0.0 / usr/lib/sudo/libsudo_util.so.0

5. [root@localhost sudo-1.8.28p1] # sudo--version

Done!

Thank you for reading this article carefully. I hope the article "how to upgrade the version of sudo in linux" shared by the editor will be helpful to you. At the same time, I also hope you will support us and pay attention to the industry information channel. More related knowledge is waiting for you to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.