Potential Hack in sudo?

Derek Burdick derek at burdick.cc
Mon Apr 16 11:09:27 MDT 2007

Steve wrote:
> touch ~/.sudo_as_admin_successful
> sudo /bin/bash
> su root
> passwd "mynewpassword"
> And it worked!

.sudo_as_admin_successful just suppresses the sudo help:  
sudo /bin/bash made you root
su root is redundant
passwd changed the password of the root user since you are root from the 
sudo command.

Seems like everything is working as it is supposed to.  sudo is 
configured on your machine to not require a password.


More information about the PLUG mailing list