{"id":7846,"date":"2013-09-12T18:42:22","date_gmt":"2013-09-12T23:42:22","guid":{"rendered":"http:\/\/mjtsai.com\/blog\/?p=7846"},"modified":"2013-09-12T18:42:40","modified_gmt":"2013-09-12T23:42:40","slug":"using-sudo-without-a-password","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2013\/09\/12\/using-sudo-without-a-password\/","title":{"rendered":"Using &ldquo;sudo&rdquo; Without a Password"},"content":{"rendered":"<p><a href=\"http:\/\/www.sudo.ws\/sudo\/alerts\/epoch_ticket.html\">Todd C. Miller<\/a> (via <a href=\"http:\/\/arstechnica.com\/security\/2013\/08\/unpatched-mac-bug-gives-attackers-super-user-status-by-going-back-in-time\/\">Dan Goodin<\/a>):<\/p>\n<blockquote cite=\"http:\/\/www.sudo.ws\/sudo\/alerts\/epoch_ticket.html\"><p>The flaw may allow someone with physical access to a machine that is not password-protected to run sudo commands without knowing the logged in user&rsquo;s password. On systems where sudo is the principal way of running commands as root, such as on Ubuntu and Mac OS X, there is a greater chance that the logged in user has run sudo before and thus that an attack would succeed.<\/p><\/blockquote>\n<p>The bug was reported in <a href=\"http:\/\/nakedsecurity.sophos.com\/2013\/03\/07\/anatomy-of-a-bug-the-five-minute-insecurity-window-in-the-sudo-command\/\">March<\/a>. Mac OS X 10.8.5 ships with sudo 1.7.4p6, which would seem to be within the <a href=\"http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2013-1775\">range of versions<\/a> exhibiting the bug.<\/p>","protected":false},"excerpt":{"rendered":"<p>Todd C. Miller (via Dan Goodin): The flaw may allow someone with physical access to a machine that is not password-protected to run sudo commands without knowing the logged in user&rsquo;s password. On systems where sudo is the principal way of running commands as root, such as on Ubuntu and Mac OS X, there is [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"","apple_news_api_id":"","apple_news_api_modified_at":"","apple_news_api_revision":"","apple_news_api_share_url":"","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[2],"tags":[131,30,48,582,318],"class_list":["post-7846","post","type-post","status-publish","format-standard","hentry","category-technology","tag-bug","tag-mac","tag-security","tag-sudo","tag-terminal"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/7846","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=7846"}],"version-history":[{"count":1,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/7846\/revisions"}],"predecessor-version":[{"id":7847,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/7846\/revisions\/7847"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=7846"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=7846"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=7846"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}