sudo -- local privilege escalation

ID 908F4CF2-1E8B-11E0-A587-001B77D09812
Type freebsd
Reporter FreeBSD
Modified 2011-01-11T00:00:00


Todd Miller reports:

Beginning with sudo version 1.7.0 it has been possible to grant permission to run a command using a specified group via sudo's -g option (run as group), if allowed by the sudoers file. A flaw exists in sudo's password checking logic that allows a user to run a command with only the group changed without being prompted for a password.
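
Because the flaw is only reachable where the sudoers file grants a run-as group, a first triage step is to list those grants. The following is an added example, not part of the advisory or of sudo itself: a small Python audit that reports sudoers rules whose Runas_Spec contains a group list. The function names and the sample sudoers text are constructed for illustration, and the parser does not follow #include directives, expand aliases, or strip trailing comments.

```python
import re

# Runas_Spec in sudoers: "(" [user list] [":" group list] ")"
RUNAS_SPEC = re.compile(r"\(([^():]*)(?::([^()]*))?\)")
SKIP = ("Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")

# Constructed sample input, not taken from any real system.
SAMPLE = """\
Defaults env_reset
root   ALL = (ALL) ALL
alice  ALL = (root : wheel) /usr/bin/systemctl
bob    ALL = (: staff, operator) \\
             /usr/bin/id
carol  ALL = (www) /usr/sbin/apachectl
"""

def logical_lines(text):
    """Join backslash-continued lines; drop blank and comment-only lines."""
    buf = ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        line, buf = (buf + line).strip(), ""
        if line and not line.startswith("#"):
            yield line

def runas_group_rules(text):
    """Return the user specs whose Runas_Spec names at least one group."""
    findings = []
    for line in logical_lines(text):
        who, sep, rest = line.partition("=")
        if not sep or not who.split() or line.startswith(SKIP):
            continue
        for m in RUNAS_SPEC.finditer(rest):
            groups = [g.strip() for g in (m.group(2) or "").split(",") if g.strip()]
            if groups:
                findings.append({"who": who.split()[0], "groups": groups,
                                 "group_only": not m.group(1).strip(), "rule": line})
    return findings

if __name__ == "__main__":
    for f in runas_group_rules(SAMPLE):
        kind = "group only" if f["group_only"] else "user and group"
        print(f"{f['who']}: may use -g {','.join(f['groups'])} ({kind})")
```

Run it over the contents of the sudoers file and of any included files; an empty result means no rule grants a run-as group.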