On Thu, 2021-08-12 at 07:38 +0200, Niels Thykier wrote:
> Timothy M Butterworth:
> > All,
> >
> > I just ran across this article
> > https://blog.ikuamike.io/posts/2021/package_managers_privesc/ I tested
> > the attacks on Debian 11 and they work successfully giving me a root
> > shell prompt.
> >
> > Tim
> >
>
> Hi Tim,
>
> All of the attacks presented assume that the local user has "sudo"
> permissions to run apt and use that as the basis for escalating
> privileges (not commenting on yum or snap).
>
> I think it is a good demonstration of how some sudo policies are too
> lenient and can be exploited. Though I am not sure this is a bug in
> apt, as I do not think apt ever promised to be "safe" to use from a
> constrained sudo policy.
>
Would you agree that there is an issue with sudo access that is enabled by
default on most Debian and Debian-based distributions? The bug may not be in
apt, but it definitely lives somewhere.

> Thanks,
> ~Niels
>
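One way to look for the lenient sudo policies Niels describes, as an added example that is not part of this thread or of any Debian tooling: a small audit of sudoers-style user specifications that flags every command grant that is either ALL or one of the package managers named in the discussion (apt, yum, snap; the rest of the list and the sample rules are assumptions for this example).

```python
import re

# Binaries whose sudo grant the thread treats as root-equivalent (apt per the
# discussion; the others are added as an assumption for this example).
PACKAGE_MANAGERS = {"apt", "apt-get", "aptitude", "dpkg", "yum", "dnf", "rpm", "snap"}

# sudoers user specification:  who  host=(runas[:group]) [TAG:] cmd1, cmd2 ...
RULE_RE = re.compile(r"^(?P<who>\S+)\s+(?P<host>\S+)\s*=\s*(?:\((?P<runas>[^)]*)\)\s*)?(?P<cmds>.+)$")
TAG_RE = re.compile(r"^(?:[A-Z_]+:\s*)+")  # NOPASSWD:, PASSWD:, NOEXEC:, SETENV: ...
SKIP_PREFIXES = ("Defaults", "User_Alias", "Cmnd_Alias", "Host_Alias", "Runas_Alias")

# Constructed sudoers.d fragment for the demonstration (not taken from any real host).
SAMPLE_SUDOERS = """\
Defaults env_reset
root    ALL=(ALL:ALL) ALL
%admin  ALL=(ALL) ALL            # the usual admin-group grant
deploy  ALL=(root) NOPASSWD: /usr/bin/apt, /usr/bin/apt-get update
backup  ALL=(root) NOPASSWD: /usr/bin/rsync
"""


def audit_sudoers(text):
    """Return one finding per command grant that is ALL or a package manager."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()            # drop comments and blanks
        if not line or line.startswith(SKIP_PREFIXES):
            continue
        m = RULE_RE.match(line)
        if not m:
            continue                                   # not a user specification
        runas = (m.group("runas") or "root").split(":")[0] or "root"  # sudo default
        nopasswd = False   # sudoers tags carry over to later commands in the same rule
        for cmd in m.group("cmds").split(","):
            cmd = cmd.strip()
            tags = TAG_RE.match(cmd)
            if tags:
                names = re.findall(r"[A-Z_]+(?=:)", tags.group(0))
                nopasswd = "NOPASSWD" in names or (nopasswd and "PASSWD" not in names)
                cmd = cmd[tags.end():]
            path = cmd.split()[0] if cmd else ""
            kind = "all" if path == "ALL" else (
                "package-manager" if path.rsplit("/", 1)[-1] in PACKAGE_MANAGERS else None)
            if kind:
                findings.append({"user": m.group("who"), "runas": runas, "command": cmd,
                                 "kind": kind, "nopasswd": nopasswd})
    return findings
```

On the constructed sample, `audit_sudoers(SAMPLE_SUDOERS)` returns four findings: the two ALL grants and both of `deploy`'s apt commands, the latter marked NOPASSWD; the rsync grant is not reported.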