Sudo? More like Su-doh: There's a fun bug that gives restricted sudoers root access (if your config is non-standard)

All it takes is -u#-1 ... Wh%& t#e fsck*?


It's only Monday, and we already have a contender for the bug of the week.


Linux users who are able to run commands as other users, via the sudoer mechanism, though not as the all-powerful root user, can still run commands as root, thanks to a fascinating coding screw-up.


This security vulnerability, assigned CVE-2019-14287, is more interesting than scary: it requires a system to have a non-standard configuration. In other words, Linux computers are not vulnerable by default.


However, if you've set up Sudo in a rather imaginative way – letting users run commands as others except root – then you will probably want to pay attention. Because your users can bypass that non-root restriction using -u#- ..
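To find out whether a policy has the non-standard shape described above, the following added example (not code from the article or from the Sudo project) scans sudoers text for rules whose Runas user list grants `ALL` while negating root, written as `!root` or `!#0`. The function names and the sample policy are constructed for illustration; the check does not expand `Runas_Alias` definitions or follow include directives.

```python
import re

# Runas specification: the parenthesised list before the command, e.g. (ALL, !root)
RUNAS_RE = re.compile(r"\(([^)]*)\)")
ROOT_NAMES = {"root", "#0"}


def logical_lines(text):
    """Yield (first_line_number, rule), merging backslash-continued lines."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        start = start or n
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        yield start, (buf + raw).strip()
        buf, start = "", None


def risky_runas_entries(sudoers_text):
    """Return [(line_number, rule)] for rules whose Runas user list grants ALL
    while negating root, the non-standard setup CVE-2019-14287 depends on."""
    findings = []
    for lineno, line in logical_lines(sudoers_text):
        if not line or re.match(r"#(?!\d)|Defaults", line):
            continue  # comments, #include lines and Defaults; "#1000 ..." is a uid rule
        for spec in RUNAS_RE.findall(line):
            users = spec.split(":", 1)[0]  # drop the optional Runas group list
            items = [u.strip() for u in users.split(",") if u.strip()]
            denies_root = any(i[0] == "!" and i[1:].strip() in ROOT_NAMES for i in items)
            if "ALL" in items and denies_root:
                findings.append((lineno, line))
                break
    return findings


# Constructed sample policy, not taken from any real system.
SAMPLE = """\
Defaults env_reset
root    ALL=(ALL:ALL) ALL
alice   ALL=(ALL, !root) /usr/bin/vi
bob     ALL=(www-data) /usr/bin/systemctl restart nginx
carol   ALL=(ALL, \\
             !#0) /usr/bin/id
"""

if __name__ == "__main__":
    for lineno, rule in risky_runas_entries(SAMPLE):
        print(f"line {lineno}: {rule}")
```

Any rule it reports is one where the "anyone but root" exclusion is the only thing keeping that user from root, so it deserves review alongside patching.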