[217] in linux-security and linux-alert archive
Re: SUDO bug
daemon@ATHENA.MIT.EDU (Jon Lewis)
Mon Apr 24 12:54:52 1995
Date: Mon, 24 Apr 1995 03:29:47 -0400 (EDT)
From: Jon Lewis <jlewis@inorganic5.chem.ufl.edu>
To: Paul Makeev <mac@lulu.RoSprint.net>
Cc: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <Pine.LNX.3.91.950418183742.1220A-100000@lulu.RoSprint.net>
On Tue, 18 Apr 1995, Paul Makeev wrote:
> I'm using sudo v1.1, and has detected strange thing: when user
> just entered his password to sudo prompt, he is able to make other
> sudo's w/o entering the password. It is ok. But if users logs-off,
> and logins in a short time, sudo still doesn't ask for password.
RTM!...This is a documented feature, not a bug. If it worries you,
shorten the time period in the source and recompile.
Was it on another mailing list, or did someone else just ask this a week
or less ago?
------------------------------------------------------------------
Jon Lewis | Mime attachments are OK
jlewis@inorganic5.chem.ufl.edu | But please ask before sending
http://inorganic5.chem.ufl.edu | unsolicited huge files.
|
_____Finger jlewis@inorganic5.chem.ufl.edu for PGP public key_____
[Mod: It was on this list--it appears that Paul Makeev's message got
stuck in the mail queue for a couple/few days (I don't know why), and
the replies to this question (well, one at least) wound up being
delivered before the original message. Apologies for the
confusion--I'll be sending my 'sendmail' binary to bed without supper
tonight for this misbehavior. --Jeff.]
