[908] in linux-security and linux-alert archive
Re: [linux-security] SUDO problems
daemon@ATHENA.MIT.EDU (James)
Mon Jul 15 14:04:47 1996
Date: Sun, 14 Jul 1996 03:50:30 -0400 (EDT)
From: James <james@bell.annis.com>
To: Blue <blue@buttercup.cybernex.net>
cc: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <199607111844.OAA31342@buttercup.cybernex.net>
Well sudo touches a file /tmp/.odus/username
i am sure it could be easily patched to touch a file called /username-tty
this would still not be as secure as other more complex alternatives...
for example, someone could telnet in on ttyp1 and then logout, someone
could immediately login after on ttyp1 and wont have to use a password to
sudo... This could be fixed by hacking up all your shells to remove the
files when the users logout... Or maybe someone can think of another
alternative... for the time being I am probably going to fix up sudo to
keep the tty info also...I will leteverrryone know how it turns out
James Golovich