[908] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

Re: [linux-security] SUDO problems

daemon@ATHENA.MIT.EDU (James)
Mon Jul 15 14:04:47 1996

Date: Sun, 14 Jul 1996 03:50:30 -0400 (EDT)
From: James <james@bell.annis.com>
To: Blue <blue@buttercup.cybernex.net>
cc: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <199607111844.OAA31342@buttercup.cybernex.net>

Well sudo touches a file /tmp/.odus/username
i am sure it could be easily patched to touch a file called /username-tty
this would still not be as secure as other more complex alternatives...
for example, someone could telnet in on ttyp1 and then logout, someone 
could immediately login after on ttyp1 and wont have to use a password to 
sudo... This could be fixed by hacking up all your shells to remove the 
files when the users logout... Or maybe someone can think of another 
alternative... for the time being I am probably going to fix up sudo to 
keep the tty info also...I will leteverrryone know how it turns out

James Golovich

home help back first fref pref prev next nref lref last post