Press "Enter" to skip to content

One Of The Most Important Commands In Linux Has A Glaring Security Error

If you have employed the Linux command line or a Unix-supported platform such as macOS, you are almost certainly well-aware with the “sudo” command. It allows you operate tasks with various (normally elevated) accesses as compared to what you would otherwise have. It is powerful, but it was actually too powerful till now. Coders have fixed an error in sudo that allow you get root-level permission even if the configuration openly bans it. So long as a bad actor had sufficed access to operate sudo, they could carry our any action they wished on a given device.

The flaw revolved around the treatment of user IDs by sudo. If you entered the command with a -1 user ID or 4294967295 (its unsigned equivalent), it might treat you as if you had root permission (user ID 0) even as it calculated the actual user ID. The user IDs do not exist in the database of the password, either, so the command will not need a password to employ it.

Linux consumers can update to a newer sudo bundle to fix the error. You may not be vulnerable immediately, as any bad actor will require having command line control over your device before they can even think of exploiting the error.

On a related note, facial recognition tech earlier mistakenly targeted 4 out of 5 innocent people as wanted criminals, as per study from the University of Essex. The analysis found that the tech employed used by the Metropolitan Police in the UK is 81% imprecise and sates that it is “highly likely” the system might be found illegal if challenged in court. The analysis is the first sovereign evaluation of the plan since the tech was first employed in August 2016 at Notting Hill Carnival.

Kelly Rivera
Kelly Rivera Author
Lead Editor At Global Newspaper 24

Kelly has been one of the most knowledgeable personalities in the Global Newspaper 24’s Business section team. While she has completed MBA in Finance Degree, she has always demonstrated her core knowledge in business management and affection toward the freedom of expression through words by crafting superlative news reports for all the readers of the Global Newspaper 24 platform. At present, Kelly works as the Head of the Business Department and is responsible for checking all the news reports for readability while adhering to the quality standards of Global Newspaper 24. Kelly is a super-active personality that loves to write news reports on various topics such as mergers & acquisitions, latest product launches, and major business events.

Be First to Comment

Leave a Reply

Your email address will not be published. Required fields are marked *