On Tue, Feb 07, 2023 at 03:27:52PM +0100, Jean Delvare wrote: > The following project was brought to my attention: > > https://github.com/adamreiser/dmiwrite > > The project demonstrates how a very permissive sudo configuration can > let an attacker abuse dmidecode for privilege escalation. While it > doesn't exploit any bug in dmidecode, I still consider this a serious > issue as apparently such permissive sudo configurations can be found in > the wild. > > Therefore, I decided to add some security hardening to dmidecode to > prevent system administrators from shooting themselves in the foot. > Hopefully the restrictions I'm adding should not affect regular users > of dmidecode who are using this tool for its intended purpose.
Reviewed-by: Jerry Hoemann <jerry.hoem...@hpe.com> > > -- > Jean Delvare > SUSE L3 Support -- ----------------------------------------------------------------------------- Jerry Hoemann Software Engineer Hewlett Packard Enterprise -----------------------------------------------------------------------------
