[904] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

Re: [linux-security] SUDO problems

daemon@ATHENA.MIT.EDU (Stefan `Sec` Zehl)
Sat Jul 13 21:37:51 1996

From: Stefan `Sec` Zehl <zehl@informatik.tu-muenchen.de>
To: blue@buttercup.cybernex.net (Blue)
Date: 	Sun, 14 Jul 1996 00:20:27 +0200 (MESZ)
Cc: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <199607111844.OAA31342@buttercup.cybernex.net> from "Blue" at Jul 11, 96 02:44:05 pm

Blue wrote:
[...]
> However, if there is another terminal logged in, or logs in, during that 
> period, they can use SUDO without entering a passwd.  SUDO asks for a 
> password to ensure that an unattended terminal isn't used to run programs 
> with root, and this allows that to be circumvented.
You can tell sudo to use authentification 'per tty' so you have
to enter your password for each tty seperately, this solves your 
first problem :)
> 
> People can even log off, log back in, and still be able to SUDO if under 
> the time limit.
you can put 'sudo -k' in your '.logout' (or whatever appropriate)
to remove the timestamp-file 'if' there is one, so this effectively
solves your second problem :)
> 
> that also identifies the tty?
It's already in the newest versioon :)

CU,
	Sec

-- 
Email: sec@leo.org or sec@matrix.muc.de      WWW: http://www.blafasel.de/~sec/
   Phone: 089/3618013 or 0177/2340515                IRC: Sec @ #blafasel
              I'm living on a small planet called Reality ;-)

home help back first fref pref prev next nref lref last post