Ubuntu 25.10's Rusty sudo holes quickly welded shut
Briefly

"The Reg FOSS desk encountered sudo in the first public beta of Mac OS X, way back in 2000, but the classic C version is a venerable tool. It's so old that precise initial dates are lost to time, but the project's own history says it dates back to 1980. (The project's logo is much younger than the code - it's a reference to a 2006 XKCD comic.) Ubuntu has included the sudo command - and discouraged use of the all-powerful root account - since its very first release, 4.10 "Warty Warthog.""
"We've fixed two issues which for convenience I'll call the "password timeout issue" and the "timestamp auth" issue. 1. Password timeout issue ("Low" severity) Normally, sudo asks for a password with a timeout (default = 5 minutes). The problem was, if you type something in and DON'T hit Enter, whenever the timeout occurred you would see whatever you typed in spat back out at the terminal (except if you had the pwfeedback setting enabled, which most users probably don't). Essentially, this enables a social"
Ubuntu 25.10 ships sudo-rs, a Rust rewrite of sudo led by Marc Schoolderman, which contained two security issues that were disclosed and quickly fixed. The developers call them the "password timeout" and "timestamp auth" issues. The password timeout issue is rated low severity: when the password prompt times out, whatever the user had typed without pressing Enter is echoed back to the terminal, unless the pwfeedback setting is enabled. Both issues are considered minor and hard to exploit. The classic C sudo dates back to around 1980 and has shipped in every Ubuntu release since the first, 4.10 "Warty Warthog".
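The password timeout failure mode is easy to reproduce in miniature. The following is an added example, written for this page and not code from sudo-rs or sudo. It uses only the Python standard library (termios, select, pty) because that is the quickest way to drive a real tty line discipline offline. The prompt reads a line in canonical mode with ECHO cleared, as a classic non-pwfeedback prompt does, so characters typed but never submitted sit in the kernel's tty input queue rather than in the program. If the prompt times out and simply restores the terminal, that queued text is handed to whatever reads the tty next, usually the shell, which displays it as if it had been typed at its own prompt. The defensive check is to discard the queue with tcflush(TCIFLUSH) before giving the terminal back. The page does not say whether sudo-rs' fix is this exact call; `read_password`, `simulate` and the input `hunter2` are this example's own constructions.

```python
"""Password prompt with a timeout that does not leak unsubmitted input.

Added example, not sudo-rs or sudo code.  flush_on_timeout=False reproduces
the leaky behaviour for comparison; True shows the fix.
"""
import os
import pty
import select
import termios
import threading


def read_password(fd, timeout, flush_on_timeout=True):
    """Read one line from tty `fd` with echo disabled.

    Returns the line without its newline, or None if no complete line
    arrives within `timeout` seconds.  With flush_on_timeout=True the
    unsubmitted input still queued in the kernel is discarded on timeout.
    """
    saved = termios.tcgetattr(fd)
    quiet = termios.tcgetattr(fd)
    quiet[3] &= ~termios.ECHO          # lflag: keep ICANON, stop echoing
    termios.tcsetattr(fd, termios.TCSANOW, quiet)
    try:
        # In canonical mode select() only reports readable on a full line,
        # so a partially typed password leaves us waiting here.
        ready, _, _ = select.select([fd], [], [], timeout)
        if not ready:
            if flush_on_timeout:
                # Drop what the user typed but never submitted, so the
                # next reader of the tty (the shell) cannot receive it.
                termios.tcflush(fd, termios.TCIFLUSH)
            return None
        return os.read(fd, 256).rstrip(b"\r\n").decode(errors="replace")
    finally:
        termios.tcsetattr(fd, termios.TCSANOW, saved)


def simulate(typed, submit, flush_on_timeout, timeout=0.5):
    """Drive read_password() through a pseudo-terminal (constructed input).

    `typed` is written to the master side shortly after the prompt starts,
    as if a user typed it; `submit` adds the Enter key.  Returns
    (result, echoed, leftover): what the prompt returned, what the terminal
    echoed while the prompt was active, and what remains queued for the
    next reader of the tty afterwards.
    """
    master, slave = pty.openpty()
    try:
        os.set_blocking(master, False)
        data = typed + (b"\n" if submit else b"")
        typist = threading.Timer(0.05, os.write, args=(master, data))
        typist.start()
        result = read_password(slave, timeout, flush_on_timeout)
        typist.join()
        try:
            echoed = os.read(master, 256)
        except BlockingIOError:
            echoed = b""
        # Read whatever is still queued without waiting for an Enter key:
        # this is what the shell would get once the prompt exits.
        raw = termios.tcgetattr(slave)
        raw[3] &= ~termios.ICANON
        raw[6][termios.VMIN] = 0
        raw[6][termios.VTIME] = 0
        termios.tcsetattr(slave, termios.TCSANOW, raw)
        leftover = os.read(slave, 256)
        return result, echoed, leftover
    finally:
        os.close(slave)
        os.close(master)


if __name__ == "__main__":
    # Leaky prompt: timeout leaves "hunter2" queued for the next reader.
    print(simulate(b"hunter2", submit=False, flush_on_timeout=False))
    # Fixed prompt: timeout flushes the queue, nothing is left behind.
    print(simulate(b"hunter2", submit=False, flush_on_timeout=True))
    # Normal case: the line is submitted and returned, nothing echoed.
    print(simulate(b"hunter2", submit=True, flush_on_timeout=True))
```

Note that nothing is echoed in either the leaky or the fixed case while the prompt is active; the leak is entirely in the leftover bytes, which is why it only shows up after the prompt has exited and another process reads the terminal. A prompt that reads character by character, as a pwfeedback-style prompt does, consumes the bytes itself and has no kernel queue to leak, which matches the exception noted above.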
Read at Theregister