REDHAT-BUG-668879
First published: Tue Jan 11 2011(Updated: )
A Debian bug report [1] indicated that sudo would not ask for a user's password on GID changes, when it should be asking on both UID and GID changes. Normally, sudo does not allow users to change the GID only, but this can be changed by modifying /etc/sudoers to a non-default configuration, such as: %group ALL=(ALL:ALL) ALL rather than the more traditional: %group ALL=(ALL) ALL If you change the UID with sudo, you are asked for the user's password (unless NOPASSWD is specified), but this is not the case for GID changing: $ sudo -l [sudo] password for vdanen: Matching Defaults entries for vdanen on this host: requiretty, always_set_home, env_reset, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE", env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES", env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE", env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY", secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin User vdanen may run the following commands on this host: (ALL : ALL) ALL $ sudo -g mygroup id uid=1001(vdanen) gid=504(mygroup) groups=1001(vdanen),504(mygroup) $ sudo -k $ sudo -g sudo id uid=1001(vdanen) gid=504(mygroup) groups=1001(vdanen),504(mygroup) $ sudo -k $ sudo -u root id [sudo] password for vdanen: uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) Upstream has corrected this issue upstream [2],[3]. Note that the "ALL:ALL" specification is not valid syntax for sudo 1.6.7p5 as shipped with Red Hat Enterprise Linux 4. [1] <a href="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=609641">http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=609641</a> [2] <a href="http://www.sudo.ws/repos/sudo/rev/fe8a94f96542">http://www.sudo.ws/repos/sudo/rev/fe8a94f96542</a> [3] <a href="http://www.sudo.ws/repos/sudo/rev/07d1b0ce530e">http://www.sudo.ws/repos/sudo/rev/07d1b0ce530e</a>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Todd Miller Sudo |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=609641
- http://www.sudo.ws/repos/sudo/rev/fe8a94f96542
- http://www.sudo.ws/repos/sudo/rev/07d1b0ce530e
- http://www.sudo.ws/sudo/alerts/runas_group_pw.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=669472
- https://rhn.redhat.com/errata/RHSA-2011-0599.html
- https://rhn.redhat.com/errata/RHSA-2012-0309.html
- https://bugzilla.redhat.com/show_bug.cgi?id=668879
- agent/references
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2011-0010
- agent/severity
- agent/event
- agent/description
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/sudo
- canonical/todd miller sudo