CVE-2019-14287 Demo Container
I wanted to experiment with the new Sudo security bug recently released (CVE-2019-14287), so I created a quick Docker container to spin up an environment with different users and a vulnerable version. I posted the code for this on GitHub. This container can be run with: docker run -ti cashwilliams/cve-2019-14287-demo Configuration The container has three real users: root alice bob The alice user is configured to have the ability to run any command as any other user (in this case bob as it is the only other user) using sudo -u(user) (command), however is restricted from running commands as root. This is configured in the /etc/sudoers file at the end using: ...