On 1/20/2021 I reported that two kids were playing “on Dad’s” Linux Mint computer and managed to “bypass” its password – 1) see: Part VIII: Third Year Begins – Linux ‘n its “Holy Inquisition” post, 2) see: Linux Mint fixes screensaver bypass discovered by two kids article. Linux is the most insecure OS in the history of OSes, even with possibly the smallest Desktop user base in the history of OSes (2% -+ of the worldwide Desktop OS market share for decades). BTW, their servers are even less secure – 3) see: *Linux Security Issues* page. That page doesn’t get updated very often…just too many daily Linux security issues to keep up with…thusly, 4) run a Google search for something like “Linux security issues” to stay updated.
- Sudo is a Unix program that enables system admins to provide limited root privileges to normal users listed in the sudoers file, while at the same time keeping a log of their activity.
- System admins who use Sudo to delegate root privileges to their users should immediately upgrade to sudo 1.9.5p2 or later as soon as possible.
- In 2019, another Sudo vulnerability — tracked as CVE-2019-14287 — allowed unprivileged users to execute commands as root.
- Luckily, that flaw could only be exploited in non-standard configurations, which meant that most systems running vulnerable Sudo versions were unaffected.
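
A check for the upgrade advice in the list above, as an added example that is not from the original post or from the sudo project: it compares a sudo version string against the 1.9.5p2 release named there, ordering the `pN` patch suffix correctly. The function names are hypothetical, and it assumes upstream version numbering; a distribution package can carry a backported fix under an older version string, so the vendor advisory is the final word.

```shell
#!/bin/sh
# Added example: compare a sudo version against the fixed release named on the page.
FIXED_VERSION="1.9.5p2"

# "1.9.5p2" -> "1 9 5 2", "1.9.5" -> "1 9 5 0"; fails on any other shape (betas, rc builds).
sudo_version_fields() {
    out=$(printf '%s\n' "$1" |
        sed -n -E 's/^([0-9]+)\.([0-9]+)\.([0-9]+)(p([0-9]+))?$/\1 \2 \3 \5/p')
    [ -n "$out" ] || return 1
    set -- $out
    echo "$1 $2 $3 ${4:-0}"
}

# Returns 0 if version $1 >= version $2, 1 if it is older, 2 if either is unparseable.
sudo_version_ge() {
    a=$(sudo_version_fields "$1") || return 2
    b=$(sudo_version_fields "$2") || return 2
    set -- $a $b    # $1..$4 = first version, $5..$8 = second version
    if [ "$1" -ne "$5" ]; then [ "$1" -gt "$5" ]; return; fi
    if [ "$2" -ne "$6" ]; then [ "$2" -gt "$6" ]; return; fi
    if [ "$3" -ne "$7" ]; then [ "$3" -gt "$7" ]; return; fi
    [ "$4" -ge "$8" ]
}

# Prints a one-line verdict for the version string in $1.
sudo_verdict() {
    rc=0
    sudo_version_ge "$1" "$FIXED_VERSION" || rc=$?
    case $rc in
        0) echo "ok: $1 is at or above $FIXED_VERSION" ;;
        1) echo "upgrade: $1 is older than $FIXED_VERSION" ;;
        *) echo "unknown: cannot parse '$1'" ;;
    esac
}

# Check the installed sudo, if any; the first line of `sudo -V` reads "Sudo version X".
if command -v sudo >/dev/null 2>&1; then
    sudo_verdict "$(sudo -V 2>/dev/null | sed -n '1s/^Sudo version //p')"
fi
```
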
There have been *LOTS* of other Linux SUDO flaws…thusly, this one gets labeled as “New” (CVE-2021-3156) since it happened this month. CVE® ‘is a list of records—each containing an identification number, a description, and at least one public reference—for publicly known cybersecurity vulnerabilities.’ Looks like “140 CVE Records” on a search for “SUDO” at the CVE® site.
That list dates back to 1999, so maybe SUDO is not a really common problem – or – not a problem that actually gets reported to CVE® very often. Still, if Linux *ACTUALLY* supports Linux for Desktop users, then what is the point of literally *FORCING* Desktop users to deal with ‘Pesky Passwords’, sudo, su, system administrator, superuser, supervisor, root, substitute user, principle of least privilege (PoLP), etcetera ‘n etcetera ‘n etcetera on their *OWN* home computers?!
Another thing I discovered about Linux over the past two years – the Linux Inquisitors running the “Holy Inquisition” don’t care about the Linux Desktop OS nor any Linux Desktop users…they only care about the Linux kernel ‘n their ‘Priesthood’ (aka system administrators) following ‘n preaching the ‘Sacred Scripture’ given to Linus Benedict Torvalds by God.
5) see: Sudo in a Nutshell.
I have basically stopped using any Linux Distro that doesn’t allow me to be the Fulltime Linux Root User on my own home computers, i.e. ‘FUK’ ‘da Linux Inquisitors ‘n their “Holy Inquisition” ‘n their ‘Priesthood’!!! 6) see: Distros w/ *NO* “Authenticate” popup or other ‘Pesky Passwords’.
- I don’t become root to escape the terminal’s password, i.e. one is already at the keyboard if they’re using the terminal, so there is no need to put the mouse down ‘n move to a keyboard. I become root because I hate the “Authenticate” popup/s that requires one to put down the mouse ‘n move to a keyboard in order to type the password ‘n then Authenticate it. GParted requires it, Synaptic Package Manager requires it, adding apps sometimes requires it, some updates require it, etc. Being root stops the annoying GUI “Authenticate” popup/s.
Until Linux stops these archaic OS practices ‘n methods the Linux Desktop/laptop Operating System Worldwide Market Share is going to remain at 2% or less, e.g. 1.34%.
Linux, get yore ‘Priesthood’ off my home computers!
LINUX IS LIKE A BOX OF CHOCOLATES – you never know what you’re gonna get!