136: Linux Sudo Bug, KDE Plasma 5.21, Tails OS, Firefox 85, Ubuntu + Wayland | This Week in Linux

3 Likes

Thanks, @MichaelTunnell - very interesting and informative, as usual :slight_smile:

I remember the (proprietary) Motif widget set for X from back in the 90s. That was before either GNOME or KDE were around. We used Window Managers then and I seem to recall having to manually edit X configuration files for this. Was possible to fry multisync monitors quite easily in those days if you got refresh rates wrong when starting X manually!

Glad Debian patched sudo promptly, as I’m sure everyone else did. Given how critical this program is, I wonder if it’s ever been independently audited? Might be useful. I’ve just started looking at GTK coding working from the C original then going upwards to C++ and other bindings. They recommend a classic (now online) text on security when coding for Linux as the types of errors that can cause security breaches often aren’t covered in programming courses.

I am especially interested in UBports work and wonder if they’ll be affected much by Qt LTS becoming commercial only. Always good to hear of updates to stalwarts like Plasma and Firefox too!

1 Like

The logic behind Firefox removing SSB functionality because the feature had no “user benefit” seems flawed to me. Of course it didn’t benefit me as a user because I had no clue it even existed!!!

I use Ice (a PeppermintOS project that I have installed on Kubuntu by manually downloading the deb from Launchpad) to achieve that functionality. Had the Firefox feature been presented in the UI somewhere I would absolutely have used it and it would have most likely been of benefit.

Command to see if you have the sudo bug:

```
sudoedit -s '\' `perl -e 'print "A" x 65536'`
```

If your server/desktop has the bug it’ll output:

```
malloc(): corrupted top size
Aborted (core dumped)
```

If not:

```
usage: sudoedit [-AknS] [-r role] [-t type] [-C num] [-D directory] [-g group]
                [-h host] [-p prompt] [-R directory] [-T timeout] [-u user]
                file ...
```

2 Likes
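An added example, not part of the post above: a shell sketch that turns the two outcomes described there into a verdict, for use when checking several hosts. The function names and verdict strings are hypothetical, and treating any death by signal as a vulnerable result is an assumption of this sketch.

```shell
#!/bin/sh
# Added example: interpret the result of the sudoedit check quoted above.
# Function names and verdict strings are assumptions of this sketch.

# classify_sudoedit STATUS OUTPUT -> prints vulnerable | patched | unknown
classify_sudoedit() {
    status=$1
    output=$2
    case $output in
        *"malloc(): corrupted"*)
            echo vulnerable; return ;;
        *"usage: sudoedit"*)
            echo patched; return ;;
    esac
    # Assumption: a crash may not print the malloc message. The shell
    # reports a process killed by signal N as exit status 128+N
    # (134 = SIGABRT, 139 = SIGSEGV), so treat that as the crash case.
    if [ "$status" -ge 128 ] 2>/dev/null; then
        echo vulnerable
    else
        echo unknown
    fi
}

# Runs the check from the post on the local host and classifies the result.
# Defined here but not called automatically.
check_local_sudoedit() {
    command -v sudoedit >/dev/null 2>&1 || { echo unknown; return; }
    padding=$(perl -e 'print "A" x 65536') || { echo unknown; return; }
    output=$(sudoedit -s '\' "$padding" 2>&1)
    status=$?
    classify_sudoedit "$status" "$output"
}
```

Call `check_local_sudoedit` on a host to get a one-word verdict; `unknown` means the output matched neither case from the post and needs a manual look.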