Update, and if possible don’t use sudo.
What common distros ship with this version of sudo?
Sudo versions affected:
Sudo versions 1.9.14 to 1.9.17 inclusive are affected.
well I guess it’s roundabout time, logging into root and updating
A critical Linux vulnerability (CVE-2025-32463) in Sudo lets any local unprivileged user gain root via the --chroot (-R) option
Affects default configs on Ubuntu, Fedora & others — no Sudo rules needed
Fix: Update to Sudo 1.9.17p1+ (no workarounds)
CVSS: 9.8 (Critical)
[1]
related: fedora is currently in the middle of a datacenter move and so package updates are currently in freeze: https://www.fedorastatus.org/
it should hopefully complete soon and updates resume
Wouldn’t someone using Run0 prevent an attacker to gain root access in this case?
Also, I believe that if you have AIDE and chkrootkit it could detect the aftermath and if not too late take some action.
Re-warming the discussion in light of a new find:
Is it time to pay closer attention to the security model around sudo?
I was planning on switching to run0 just because, but the added friction of having to type it in every time, and the prompt popping up outside the terminal just felt too foreign for me. Will revisit it when they fix both of those UI/UX issues.
This may be a bit off topic, so moderators feel free to (re)move this post if needed.
I don’t have a fix for the popup prompt. However you can reduce some friction by aliasing sudo to run0 in your “~/.bashrc” like so:
alias sudo="run0"
then reload your .bashrc
source ~/.bashrc
Now anytime you type sudo you are really running “run0”.