Potential Hack in sudo?

Derek Burdick derek at burdick.cc
Mon Apr 16 11:09:27 MDT 2007


Steve wrote:
>
> touch ~/.sudo_as_admin_successful
> sudo /bin/bash
> su root
> passwd "mynewpassword"
>
> And it worked!
>

.sudo_as_admin_successful just suppresses the sudo help:  
http://ubuntuforums.org/showthread.php?p=1406199
sudo /bin/bash made you root
su root is redundant
passwd changed the password of the root user since you are root from the 
sudo command.

Seems like everything is working as it is supposed to.  sudo is 
configured on your machine to not require a password.

Derek



More information about the PLUG mailing list