[8604] in bugtraq
Re: 'sudo' recommendations
daemon@ATHENA.MIT.EDU (Cy Schubert)
Wed Nov 18 20:22:06 1998
Date: Wed, 18 Nov 1998 17:06:18 -0800
Reply-To: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
From: Cy Schubert <cschuber@UUMAIL.GOV.BC.CA>
X-To: Brian Martin <bmartin@REPSEC.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: Your message of "Wed, 18 Nov 1998 16:47:26 MST."
<Pine.LNX.3.96.981118164632.6555C-100000@enigma.repsec.com>
In message <Pine.LNX.3.96.981118164632.6555C-100000@enigma.repsec.com>,
Brian M
artin writes:
> I'd like to thank Mr. Miller for maintaining the 'sudo' package, as well
> as having the foresight to address the potential security concerns as
> outlined above.
You can also issue sudo -k to delete the sudo ticket before running
something potentially dangerous.
The problem you discuss is also an issue with Kerberos. Any potential
attacker could use cached Kerberos tickets to gain access to hosts,
services, or privileges. To circumvent this, kdestroy your Kerberos
ticket or log in as a different user.
Regards, Phone: (250)387-8437
Cy Schubert Fax: (250)387-5766
Open Systems Group Internet: Cy.Schubert@uumail.gov.bc.ca
ITSD Cy.Schubert@gems8.gov.bc.ca
Government of BC
