Buffer overflow in sudo

[BU508A]

There is a buffer overflow in sudo. I recommend to update it to the newest version.

https://www.sudo.ws/alerts/unescape_overflow.html

[Ed.Kloonk]

There is a buffer overflow in sudo. I recommend to update it to the newest version.

https://www.sudo.ws/alerts/unescape_overflow.html

Or 'do' yourself a favor and run doas instead.

doas gives you root access without all the bloat that is in sudo that has features only for permission maniacs.

[Halcyon]

Why bother changing to a whole new way of doing things when the problem has been fixed?

[Ed.Kloonk]

Why bother changing to a whole new way of doing things when the problem has been fixed?

Most people just want to elevate to root. Both progs can do it but doas doesn't contain all the bloat that sudo does.

[Nominal Animal]

Why bother changing to a whole new way of doing things when the problem has been fixed?

Most people just want to elevate to root. Both progs can do it but doas doesn't contain all the bloat that sudo does.

It's good for there to be more than one way, and doas has been designed to do almost all that sudo does.  "Just elevate to root" is how many end users use it, but its true purpose is to switch between differently-privileged user accounts.

Unfortunately, it hasn't been packaged for Debian or Debian derivatives yet, and actually needs a bit of work to work with Linux PAM.  Fortunately, OpenDoas seems to be progressing nicely, although I haven't pored through the code myself.

(I've done quite a bit of work wrt. privilege separation via sudo, filesystem capabilities in Linux, and Apache SuEXEC mechanism.  They are rather large hammers for things that often could be done better (more securely and robustly) via other ways...  Just don't get me started on the assumptions of the Apache SuEXEC mechanism and how it propagates a nonsensical view of proper privilege separation for web services.)