Unix-based operating systems, such as macOS and Linux distributions, offer the “sudo” command to open programs and perform tasks with elevated privileges. An Apple researcher discovered a vulnerability in this command that allows unauthorized access as a superuser, even if you don’t know the password. Fortunately, the flaw is more restricted than it looks and has now been fixed.
There are some tasks in Linux distributions that are restricted to the superuser, called “root” – for example, installing new programs. To do this, it is possible to run the sudo command in the terminal, where you will have to enter the password.
When running the sudo command, you can enter your username or an identifier code called UID. For example, assuming the userb have UID 1001, you could use two different commands to open the Vim text editor: “sudo -u usuariotb vim” or “sudo -u # 1001 vim”.
Joe Vennix, Apple security researcher, found out that it is possible to run the sudo command successfully using UID -1 or 4294967295, even if you are not the superuser. It treats you as if you have root access (UID 0), and there is no need to enter a password, as these UIDs do not have passwords associated with them.
Failure requires poorly configured “sudo” to function
However, taking advantage of this vulnerability is not exactly easy. It is necessary that the configuration file of the sudo command, called “sudoers”, let the user run some commands as if he were another user. By default, most Linux distributions do not allow this.
“Although this bug is powerful, it is important to remember that it only works if a user has access to a command via the sudoers configuration file”, explains the Bleeping Computer. Otherwise, the vulnerability cannot be exploited.
That is, the majority of Linux and macOS users will not be affected. Still, as this is a serious flaw, sudo has been updated to version 1.8.28 to address the issue.