56
Bugs Found in sudo (www.linux-magazine.com)
submitted 6 days ago by [email protected] to c/[email protected]
14 comments fedilink hide all child comments
all 15 comments
sorted by: hot top new old
[-] [email protected] 11 points 6 days ago

doas

[-] [email protected] 6 points 5 days ago

I keep seeing people promote doas, but is it really any more secure than sudo? besides just having less eyes on it?

[-] [email protected] 8 points 5 days ago

sudo has a bunch of commands and features nobody (except the person who implemented it) has ever used, giving it quite a large surface of attack. doas is meanwhile much leaner and developed by the OpenBSD community, meaning if a feature has security concerns it won't be implemented no matter how practical. sudo-rs somewhat of a middle ground between the two, not planning on implementing every single feature of sudo while keeping the same core commands and implementing the quality of life features doas doesn't like because they're insecure, and is the solution I personally use.

[-] [email protected] 1 points 5 days ago

Subscribing to this question.

[-] [email protected] 3 points 5 days ago

Ping, not an expert but at least my opinion

[-] [email protected] 2 points 4 days ago

Okay cool, thanks so much for the ping, and answer!

[-] [email protected] 5 points 5 days ago* (last edited 5 days ago)

sudo-rs

[-] [email protected] 1 points 5 days ago

Is it better than doas?

[-] [email protected] 3 points 5 days ago

It's an implementation of sudo in Rust (because of course) that doesn't implement every nonsense feature of the normal sudo giving it a smaller attack surface than the normal sudo while still keeping the familiar commands and ease of use (that doas is somewhat lacking)

[-] [email protected] 10 points 5 days ago

As far as mitigation is concerned, the only thing you need to do is to confirm that your system's sudo version is at least version 1.9.17p1 or later, which can be done with the command sudo -V. If your version is older than 1.9.17p1, update immediately.

[-] [email protected] 6 points 5 days ago* (last edited 5 days ago)

This wouldn't apply to Debian derived distros (e.g. DietPi). I am assuming the fix will backported to the version of sudo shipping with bookworm.

[-] [email protected] 0 points 5 days ago

Why wouldn't this apply?

One day in the future the later version of sudo would become available...?

[-] [email protected] 5 points 5 days ago* (last edited 5 days ago)

I am assuming the fix for the second vulnerability will be backported to the older version in bookworn; 13p1 if I remember correctly.

I've seen theme backport security to older releases of much less important software.

[-] [email protected] 10 points 5 days ago

Already patched and available via updates.

this post was submitted on 08 Jul 2025
56 points (98.3% liked)

Linux

11912 readers
109 users here now

Welcome to c/linux!

Welcome to our thriving Linux community! Whether you're a seasoned Linux enthusiast or just starting your journey, we're excited to have you here. Explore, learn, and collaborate with like-minded individuals who share a passion for open-source software and the endless possibilities it offers. Together, let's dive into the world of Linux and embrace the power of freedom, customization, and innovation. Enjoy your stay and feel free to join the vibrant discussions that await you!

Rules:

  1. Stay on topic: Posts and discussions should be related to Linux, open source software, and related technologies.

  2. Be respectful: Treat fellow community members with respect and courtesy.

  3. Quality over quantity: Share informative and thought-provoking content.

  4. No spam or self-promotion: Avoid excessive self-promotion or spamming.

  5. No NSFW adult content

  6. Follow general lemmy guidelines.

founded 2 years ago
MODERATORS
[email protected]