https://mathscantor.github.io/tags/sudo/ Recent content in Sudo on Mathscantor's Cybersecurity Blog Hugo en <a href="https://creativecommons.org/licenses/by-nc/4.0/" target="_blank" rel="noopener">CC BY-NC 4.0</a> Tue, 21 Apr 2026 20:21:33 +0800 https://mathscantor.github.io/posts/sudo-cve-2023-22809-analysis/ Tue, 21 Apr 2026 20:21:33 +0800 https://mathscantor.github.io/posts/sudo-cve-2023-22809-analysis/ <h2 id="1-introduction">1. Introduction</h2> <p>If there is one binary that every Linux user has typed at least once, it&rsquo;s <em>sudo</em>. It is so deeply embedded in the muscle memory of sysadmins and developers alike that most people don&rsquo;t even think twice about it. But CVE-2023-22809, discovered by Matthieu Barjole and Victor Cutillas of <a href="https://www.synacktiv.com/">Synacktiv</a>, reminds us that even the most trusted tools can hide dangerous bugs.</p> <p>This vulnerability is a privilege escalation in <em>sudoedit</em> (<em>sudo</em>&rsquo;s built-in file editing mode). By injecting a <code>--</code> separator into an environment variable like <code>EDITOR</code>, a local attacker can trick <em>sudo</em> into editing arbitrary files as root, even if the sudoers policy only permits editing a single, specific file.</p>