Sudo is a Bloated Insecure Mess (install doas)

preview_player
Показать описание
In this video I go over a recent sudo vulnerability, explain why you should use doas, and show you how to install doas.

explanation of buffer overflow in sudo

₿💰💵💲Help Support the Channel by Donating Crypto💲💵💰₿

Monero
45F2bNHVcRzXVBsvZ5giyvKGAgm6LFhMsjUUVPTEtdgJJ5SNyxzSNUmFSBR5qCCWLpjiUjYMkmZoX9b3cChNjvxR7kvh436

Bitcoin
3MMKHXPQrGHEsmdHaAGD59FWhKFGeUsAxV

Ethereum
0xeA4DA3F9BAb091Eb86921CA6E41712438f4E5079

Litecoin
MBfrxLJMuw26hbVi2MjCVDFkkExz8rYvUF

Dash
Xh9PXPEy5RoLJgFDGYCDjrbXdjshMaYerz

Zcash
t1aWtU5SBpxuUWBSwDKy4gTkT2T1ZwtFvrr

Chainlink
0x0f7f21D267d2C9dbae17fd8c20012eFEA3678F14

Bitcoin Cash
qz2st00dtu9e79zrq5wshsgaxsjw299n7c69th8ryp

Etherum Classic
0xeA641e59913960f578ad39A6B4d02051A5556BfC

USD Coin
0x0B045f743A693b225630862a3464B52fefE79FdB

and be sure to click that notification bell so you know when new videos are released.
  1. Mental Outlaw
  2. Mental Outlaw
  3. mental
  4. outlaw
  5. sudo vulnerability
  6. sudo vulnerability 2020
Рекомендации по теме
Sudo is a 0:09:47

Sudo is a Bloated Insecure Mess (install doas)

Sudo Is Bloat. 0:11:20

Sudo Is Bloat. Use Doas Instead!

Doas I Do 0:09:38

Doas I Do To Avoid This Sudo Vulnerability

Swapping sudo with 0:02:25

Swapping sudo with doas

doas Is A 0:15:08

doas Is A Great Alternative to Sudo

doas - Replace 0:10:08

doas - Replace sudo With The Secure & Lightweight Alternative from OpenBSD!

highfold sudo 0:00:16

highfold sudo

Configure doas (sudo 0:01:39

Configure doas (sudo alternative) on OpenBSD under 2 minutes

Sudoedit Is The 0:09:08

Sudoedit Is The Most Useful Linux Command

RIP Sudo, Open 0:14:11

RIP Sudo, Open Doas Is My New Best Friend

Yet Another sudo 0:11:31

Yet Another sudo Alternative - doas on Linux

Sudo is not 0:13:26

Sudo is not bad, keep using it

sudo schmudo... Why 0:03:33

sudo schmudo... Why aren't we all using doas? [FreeBSD OpenBSD Linux]

How To Change 0:15:22

How To Change Your Sudo Lecture To Something Interesting

Linux sudo bug 0:09:19

Linux sudo bug allow privilege escalation attacks

What you most 0:24:16

What you most likely did not know about sudo…

The SUDO Vulnerability 0:05:13

The SUDO Vulnerability - CVE-2021-3156 - Fix it now!1.8.2-1.8.31p2 or 1 .9.0 to 1.9.5p1 vulnerable

Linux users when 0:01:13

Linux users when there's 1 bit of bloat

Why 'sudo' when 0:10:39

Why 'sudo' when you can just 'su'?

Sudo bypass user 0:01:29

Sudo bypass user restriction | CVE-2019-14287

SICHERHEITSLÜCKE im Messie-Haushalt 0:10:31

SICHERHEITSLÜCKE im Messie-Haushalt von sudo? Wie Du Dich SCHÜTZEN kannst! | #linux #sicherheit

# How to 0:04:47

# How to patch #CVE-2021-3156 #sudo #BufferOverflow

Replace SUDO with 0:06:49

Replace SUDO with DOAS on Debian/Devuan

Decade old Sudo 0:33:51

Decade old Sudo vulnerability allows attackers to gain root privileges on Linux CVE-2021-3156

Комментарии
Автор

Reject sudo, embrace running everything as root, just as Terry would have wanted

Calajese
Автор

I'm not sure I feel comfortable trusting the security of my machine to some random dude who hopefully ported a BSD app to Linux properly.

AROAH
Автор

Normally I agree with some of your arguments even if I don't agree with the general point of the video, but can't on this one: you're recommending that because there's a CVE on sudo, you're replacing a program with over 10k commits, combed through by thousands of eyes, for another one that's only ~100 commits? even if your pc was on the sidewalk, the chance of someone executing that exploit is minimal at best.

TheWilldrick
Автор

The proper term would be unsecure, insecure means it feels bad about itself, but to be honest, sudo probably would feel bad about itself.

posonseede
Автор

its funny because I'm gonna use sudo to uninstall sudo

mawi
Автор

Still 100x better than windows 10 administrator permissions

karai
Автор

If you remove the included dependencies it brings the actual amount of C LOC down to 15k. Still nothing to sneeze at, but it's not 400k. (That 400k also includes translations into many languages, e.g.)

Also, you didn't remove the "insecure bloated mess", you just added another program that does the same but isn't in package management. After that, I'd say your system is less secure than it was before.

Personally I think 1 vulnerability a year for what is a pretty huge attack vector is a good track record.

Nothing against doas, I know nothing about it and it might really be the better alternative. But this is not how to solve that problem.

nordern
Автор

Next video: Gentoo is a bloated mess. use LFS instead

yn
Автор

Tfw you jump ship just to come running back when it turns out doas was more flawed and Sudo gets a patch

supremelizard
Автор

I do this:
export AUTH="doas"
alias sudo=$AUTH
And I use $AUTH in every script of mine so it's easier to replace. In a system with no doas, I just set AUTH to sudo and everything works.

censoredterminalautism
Автор

This video misleads people into believing that sudo is bad and a port of doas is secure. EVERY software has bugs, well maintained software gets its bugs fixed fast. Doing what this video suggests causes more harm than good.

jefferson-silva
Автор

>Implying I use soodo
>Implying I don't just run everything as root

>Implying I'm not a Windows user

XZenon
Автор

He’s also telling people that 10x fewer lines of code somehow indicates the “application” is more secure. There are several attack vectors and it’s rarely based on the number of lines of code, exploiting the dependencies, modules, heap, etc are all unrelated to the number of lines in a given repo. The sudo vulnerability was actually in the ‘sudoers’ command. But again, geek squad.

bits_for_bytes
Автор

This is the first video of this channel I wached which I judge really poor. Judging by the popularity of slicer69's forc of doas, this seems more like "security by obscurity" to me.

lucaherrmann
Автор

Why would you use doas, if you then keep sudo around and just keep updating it? There is no point. Your system will now be vulnerable to bugs from both.

Joe-uckf
Автор

"Bloated Insecure Mess" I thought you were talking to me

SemNikit
Автор

8:43 Your "au" command alias is wrong. You wrote "upgarde" instead of "upgrade"

Jamiered
Автор

I think it's extremely important to point out that you are responsible for updating it if you are in a situation where you have to build the program yourself. If your goal is to avoid unpatched exploits, them maybe don't install from source unless you have a method of updating it alongside everything else 🙂

Автор

"permit persist keepenv user as root" is a better line for the doas.conf file. What it does is fairly obvious. You could also have a group of people allowed to run as root like "permit persist keepenv :wheel as root".

yepstill
Автор

How would aliasing sudo to doas remove the vulnerability? The heap overflow exploit is done by someone logged in as a user and running some script that breaks sudo. All the hacker would need to do is remove your alias and the hack would work just fine. Or am I missing something?

lyingcat
welcome to shbcf.ru