我在用Linux 薄荷 19.3。这几天有解释说如果版本在1.7.1到1.8.25p1之间sudoers则文件存在缓冲区溢出。sudo
还有一个命令可以查看你是否受到爆炸的影响。
如果sudo -l命令的输出包含'pwfeedback其中,您就会受到影响。
您应该将 sudoers 文件更改为!pwfeedback.
虽然 sudoers 文件不包含它,但当我检查 时sudo -l,输出如下:
Matching Defaults entries for da on of:
env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin, pwfeedback
User da may run the following commands on of:
(ALL : ALL) ALL
(root) NOPASSWD: /usr/bin/mint-refresh-cache
(root) NOPASSWD: /usr/lib/linuxmint/mintUpdate/synaptic-workaround.py
(root) NOPASSWD: /usr/lib/linuxmint/mintUpdate/dpkg_lock_check.sh
但文件的输出sudoers不包含pwfeedback.
da@of:~$ sudo cat /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL:ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d
该/etc/sudoers.d/0pwfeedback文件只有一行并包含它。当我添加!并pwfeedback运行命令时sudo -l,输出不会改变。又来了!pwfeedback。
我有点困惑。我是否受到该漏洞的影响?又如何让pwfeedback消失不受这个漏洞的影响呢?