It only works if you've got a specific, somewhat unlikely configuration. You need to have ALL in the user specifier, but not root (or else it's not a vuln, just a bug). So
> username ALL=(ALL, !root) ALL
would be vulnerable; this is trying to let username run commands as any other user _except_ root, but using this vuln the user can get around it.
You can duplicate it by running (as a user with sudo ALL privileges) `sudo -u#-1 id`; it'll show 0, for root.
4 comments
[ 4.1 ms ] story [ 20.2 ms ] thread:/
> username ALL=(ALL, !root) ALL
would be vulnerable; this is trying to let username run commands as any other user _except_ root, but using this vuln the user can get around it.
You can duplicate it by running (as a user with sudo ALL privileges) `sudo -u#-1 id`; it'll show 0, for root.