[906] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

Re: [linux-security] SUDO problems

daemon@ATHENA.MIT.EDU (Jordy)
Sat Jul 13 21:37:53 1996

Date: Fri, 12 Jul 1996 13:14:04 -1000 (HST)
From: Jordy <jordy@aloha.com>
To: Blue <blue@buttercup.cybernex.net>
cc: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <199607111844.OAA31342@buttercup.cybernex.net>

> People can even log off, log back in, and still be able to SUDO if under 
> the time limit.

yep, two ways i guess you could fix this....

check the tty, or check where the person was logging in from, or BOTH! ;p

hrm, don't know why that wasn't though of first

> As a temporay measure I'm reducing the time limit, but does anyone know 
> of a patch or the like to prevent this from happening, perhaps something 
> that also identifies the tty?
> 
>    Jim Carstensen
> blue@cybernex.net
> 

            ,''~``.                              ,''``~.
            ( o o )                             ,( o o ),  
    /--.oooO--(_)--Oooo.--------------------.oooO--(_)--Oooo.---\
    |               http://www.thirdwave.net/~jordy/            |
    | There are people in this world that look at art but can't |
    |   see it. There are also people who listen to music but   |   
    |    don't hear it.  I feel sorry for those who look and    |  
    |     listen and envious of those who can see and hear.     |  
    |    .oooO                                        Oooo.     |  
    |    (   )   Oooo.   jordy@thirdwave.net  .oooO   (   )     |  
    \-----\ (----(   )------------------------(   )--- ) /------/  
           \_)    ) /                          \ (    (_/          
                 (_/                            \_)


home help back first fref pref prev next nref lref last post