Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
vortico
on Feb 2, 2020
|
parent
|
context
|
favorite
| on:
Buffer overflow when pwfeedback is set in sudoers
Running sudo requires the user password, which a script might not know. Unless of course sudo is configured with NOPASSWD.
loeg
on Feb 2, 2020
[–]
This alias just prompts the user twice, as if the user made a typo the first time. Unless you know you're a perfect typist, it's somewhat subtle.
vortico
on Feb 2, 2020
|
parent
|
next
[–]
Not if you have a sudo timeout enabled. Or, the proof of concept could be changed to
alias sudo='sudo ./badscript'
where badscript runs `exec $@`.
loeg
on Feb 2, 2020
|
root
|
parent
|
next
[–]
Good considerations. Thanks.
meithecatte
on Feb 2, 2020
|
parent
|
prev
[–]
Not even that, because sudo keeps your password in memory for a few minutes.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
