by mnarayan01 4858 days ago
From the vulnerability announcement, it seems like this only allows a user to "set" NOPASSWD for that user's sudo regardless of what's in sudoers. It also doesn't seem to allow escalation beyond what's in sudoers. Am I missing something?

It looks like you can run `sudo -k` without authenticating via password, so I guess you could use this to bypass the password requirement even if the user had not previously entered their password (provided that the account is capable of changing the system time).

It's certainly worth mentioning (and patching), but I wouldn't describe it as "and boom you're root".

It sounds like you're overlooking the fact that software could do this without your knowledge.

Software that can do this could also just wait for you to run a sudo command and then install a rootkit before the timeout is reached. Or it could keylog your password.

On desktop machines getting root is almost useless; you have all the sensitive information on the user account. Unless the attacker wants to install a rootkit in the kernel or open raw sockets or stuff like that. But if they can run arbitrary code with your UID you've probably already lost anyway.

I suppose that's true, but ideally there should be no situation in which you give a program or script access to a terminal with sudo's timeout unreached. Compromising information not stored on the machine should ideally require root.