by pid1wow 871 days ago
Given that the most common use of sudo is to give yourself root to run a command, and malware looking to elevate root can just rig up ~/.bashrc, what use is this patch? What use cases does it apply to and how common are they?

Sudo has much more fine-grained abilities for more surgical use-cases, like giving users the ability to only execute certain commands as a certain user, with detailed logging and auditing. It has a pretty involved config file (the pdf docu for it is 80 pages long), a plugin system, a separate log format and log server, etc.

I also believe those use-cases aren't that common anymore since multi-user systems fell out of favor. There is an argument that most of us could use a vastly simpler tool instead to reduce the attack surface. But that tool wouldn't be sudo, because sudo is built around supporting all these use cases.

doas [0, 1] in OpenBSD is somewhat simpler.

[0] - https://man.openbsd.org/doas.1

[1] - https://man.openbsd.org/doas.conf.5

doas.conf makes things clear to me what I'm enabling.

And we have the OpenBSD folks focused on clarity and security.

Switched to doas a couple of months ago on my FreeBSD box; it’s been a seamless switch.

>and malware looking to elevate root can just rig up ~/.bashrc, what use is this patch?

Apologies for self promotion, but I wrote a relevant blog post that discusses this[0]. Is there any way of mitigating this trivial attack?

I feel like the Unix/Linux security model is broken.

[0]: https://cedwards.xyz/sudo-is-broken/

I’m not following your logic. How does the malicious-but-unprivileged user have write access to anywhere in the sysadmin’s PATH?

The 'exploit' runs under the sysadmin's user. It gets there when the sysadmin inadvertently installs something malicious under their own user, or something they're running is exploited, for example.

Haha I have done exactly that as a joke in high school https://github.com/Visgean/fakesudo
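
A check for the two interception points raised in this thread (a rigged ~/.bashrc and a `sudo` placed earlier in the sysadmin's own PATH), written as an added example that is not part of any comment above. The function names are hypothetical, and it assumes the genuine `sudo` is a root-owned setuid binary.

```python
import os
import re
import stat

# Lines in a shell rc file that redefine `sudo` as an alias or a function.
SHADOW_RE = re.compile(
    r"^\s*(?:alias\s+(?:--\s+)?sudo=|function\s+sudo\b|sudo\s*\(\s*\))")


def rc_shadows(rc_text):
    """Return (line_number, line) for each rc line that redefines sudo."""
    return [(n, line.strip())
            for n, line in enumerate(rc_text.splitlines(), 1)
            if SHADOW_RE.match(line)]


def is_root_setuid(path):
    """True when path is a root-owned setuid file (assumed shape of real sudo)."""
    st = os.stat(path)
    return st.st_uid == 0 and bool(st.st_mode & stat.S_ISUID)


def path_shadows(path_value):
    """Walk PATH in lookup order and report what could intercept `sudo`.

    Stops at the first root-owned setuid `sudo`; later entries never matter.
    """
    findings = []
    for entry in path_value.split(os.pathsep):
        directory = entry or "."          # an empty PATH entry means the cwd
        candidate = os.path.join(directory, "sudo")
        if os.path.isfile(candidate) and os.access(candidate, os.X_OK):
            if is_root_setuid(candidate):
                break                     # genuine sudo reached
            findings.append((directory, "shadow-binary"))
        elif os.path.isdir(directory) and os.access(directory, os.W_OK):
            findings.append((directory, "writable-dir"))
    return findings


if __name__ == "__main__":
    for item in path_shadows(os.environ.get("PATH", "")):
        print("PATH:", *item)
    rc = os.path.expanduser("~/.bashrc")
    if os.path.isfile(rc):
        with open(rc, errors="replace") as fh:
            for n, line in rc_shadows(fh.read()):
                print(f"{rc}:{n}: {line}")
```

A `writable-dir` finding is only a lead: it means code running as that user could place a `sudo` there ahead of the real one, not that anything has.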