How to disable sudo on CentOS 6 to prevent CVE-2021-3156?
chmod 0644 /usr/bin/sudo will effectively disable sudo for non-root users. It removes the setguid bit, so sudo will work as epxected for scripts executed by root, but not for other users.
Do we have other fix for CVE-2021-3156 on CentOS 6 except disabling sudo?
Upgrade to a supported release. If you run CentOS 6 with untrusted local users, it’s probably just a matter of time before a new local privilege escalation surfaces.
Will we be able to execute su – after disabling sudo?