*** This bug is a security vulnerability ***
You have been subscribed to a public security bug by Marc Deslauriers
(mdeslaur):
Hello I had reported this earlier but my account shows no bugs reported
so here I try again.
On Ubuntu going back for a while now and also including the newest
release
/etc/sudoers contains the below lines on a default install
%admin ALL=(ALL) ALL
The problem is that the admin group doesn't exist by default so if a
user with the name of admin was created they would be in a group of
their own name. It looks like you guys might be using an account named
adm instead of admin? This is also causing other bugs to be reported.
It may seem silly as adding a user requires elevated permissions. If
someone doesn't know about this behaviour or a user is allowed to create
an admin named account through a script they are just a short sudo su
away from controlling a system.
I'd recommend commenting out the /etc/sudoers line or adding an admin
group to /etc/group or changing the admin in sudoers to adm if that is
what you are trying to do.
Aaron Ringo
** Affects: sudo (Ubuntu)
Importance: Undecided
Status: New
--
Incorrect Sudo configuration
https://bugs.launchpad.net/bugs/1843829
You received this bug notification because you are a member of Ubuntu Bugs,
which is subscribed to the bug report.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
