Tiny Core Linux

General TC => General TC Talk => Topic started by: Rudock1 on October 16, 2019, 11:13:01 AM

Title: Linux sudo flaw (CVE-2019-14287)
Post by: Rudock1 on October 16, 2019, 11:13:01 AM
Hi all,

Just thought I'd share a recent article about sudo.  I realize our TC approaches root, su and sudo differently than most other distributions, but I'd appreciate hearing from our resident experts with any opinions, concerns or suggestions.

https://thehackernews.com/2019/10/linux-sudo-run-as-root-flaw.html (https://thehackernews.com/2019/10/linux-sudo-run-as-root-flaw.html)

thx
Billy
Title: Re: Linux sudo flaw (CVE-2019-14287)
Post by: curaga on October 16, 2019, 01:14:14 PM
That vulnerability lets you become root with sudo, if the config is set such that you can become another non-root user but not root. Our config, like that of most distros, lets you become root only; further, there is no password for it by default, so this vuln doesn't really concern TC.
Title: Re: Linux sudo flaw (CVE-2019-14287)
Post by: vinceASPECT on October 17, 2019, 05:09:49 PM
Yes ........forum,


There are vulnerability's abound.   That is how all the worlds handhelds are vulnerable. Billions of devices. Due to CPU vulnerability's.

The same is true of Msoft.  The free Hirens Boot  CD ....allows (with simple usage)  a novice user to access any windows networked machines.  Simply bypassing all manners of security logins at ***any*** level.

Just put my 2 cents.......   sudo Gone to SPECSAVERS........(  jokin)

Vince.