Originally discovered in Linux, this flaw in the sudo command (CVE-2021-3156), which allows other commands to be executed with full rights, also affects the Mac. Using a technique called a heap overflow, which overruns a memory buffer, Qualys researchers discovered how to use sudo without a password to gain administrator rights on the computer.
The vulnerability has been around for at least 10 years, but it was only recently found to be exploitable. It requires access to the system, which limits the direct risk, even though an attacker could rely on installed malware to achieve his goals.
According to ZDNet, many security researchers have confirmed the flaw on Macs (Intel and Apple Silicon), including under macOS Big Sur 11.2, released this week. Contacted by the site, Apple declined to comment, but we imagine a fix is under way.
To be boring: Linux is a kernel, sudo is a command found in many Unix-like distributions but not in all Linux kernel-based distributions 🤓😉
Joking aside, the name of the operating system is almost a political question, and I'm a GNU/Linux fan, Richard Stallman lives 😃😉
It's always impressive to have a buffer overflow to control this level of sensitivity and it's relatively old. 🤯
@YetOneOtherGit: “In the world of Unix, sudo is a relatively new thing 😉
The very old in this universe is really the oldest”
The widespread use of sudo in Linux distributions (sorry, “GNU/Linux”) is relatively recent, but sudo itself is forty years old (like many things, luckily it didn't wait for Linux), which doesn't make it a youngster, even in the Unix world
But then, it is true that this defect is relatively recent with all this
Who knows? We could one day discover a vulnerability that has existed since the first versions of sudo 🙂
Buildings certainly are, but they remained very marginal in all Unix families until at least the 1990s
@YetOneOtherGit: “The building is indeed, but it remained very marginal in all Unix families until at least the 1990s”
It was mainly on BSD, but it was there and so it is not “relatively new” 😛 😀
I have a very fuzzy memory because it has already been used in NeXTStep, but it is very likely that I am involved in something else
“It was mainly on BSD, but it exists and therefore it is not ‘relatively new’ 😛 😀”
I was using Sun OS which was BSD and I don't have sudo memory as standard (I still have the classification block in the basement where all human content is printed) there I have to check it
“But then, it is true that this defect is relatively recent with all this”
Yes, and here is one of the problems: few people can care about the safety of an essential and reliable tool
The case of entering the session password also arose when pressing the delete key 28 or 29 times (or something like that), MacGe mentioned it some time ago
No risk of this kind of defect for the moment! Fortunately with Covid-19, the majority of thugs find it difficult to distance themselves socially
Physics is about getting away from people. Anyway, you only need to see a section for sale to see that it is not
Only our loved ones are far from them, therefore social relations seem fairer.
Remember January 6: a group of rabid thugs stormed the Capitol building, apparently social distancing was the least of their fears.
They did not hesitate to confiscate the computers that came into their hands.
Which, by the way, brings a new color to the concept of a “brute force” attack
With the concept of protection against stupidity, the mass of his nut with his face exposed was an ode to Darwinism 😉
It is really time to remove the most controlled programs written in C and replace them with an unsafe language
Can you develop for beginners like me?
It's pretty sure what I've always heard
No, it is not at all safe from a memory management point of view
Simply because the tools it provides for this are very basic and almost all of this management is the responsibility of the developer, who suddenly has a lot of freedom and who pays for it with a lot of responsibility.
As long as you do not run out of memory allocated for the process, you can read and write anything anywhere without being reminded of the request.
This has created countless problems for decades. At best, you end up with a crashed process (because it ended up trying to access memory outside of its allocated space). In the worst case, we have a security hole like this one, or data corruption
Most recently created programming languages have used a more sophisticated approach to memory management, offering more protection against programming errors of this type
But there is a lot of C code written every day, which is constantly updated. So we have not finished seeing this kind of problem
I can only agree with you on these results, and by God I produced volumes of C
I am amazed to discover that unfortunately many young people still see C as a sacred cup imagined with an aura made of myths
This is not to spit on K&R nor on the language that has accompanied me for a long time
News – FR – A bug in sudo allows controlling a Mac