​Why You Must Patch the New Linux sudo Security Hole

217

If you want your Linux server to be really secure, you defend it with SELinux. Many sysadmins don’t bother because SELinux can be difficult to set up. But, if you really want to nail down your server, you use SELinux. This makes the newly discovered Linux security hole — with the sudo command that only hits SELinux-protected systems — all the more annoying.

Sudo enables users to run commands as root or another user, while simultaneously providing an audit trail of these commands. It’s essential for day-in, day-out Linux work. Qualys, a well-regarded security company, discovered this essential command — but only on systems with SELinux enabled — can be abused to give the user full root-user capabilities.

Or, as they’d say on the Outer Limits, “We will control the horizontal, we will control the vertical.” This is not what you want to see on your Linux server.

Read more at ZDNet