Also, this feature is not Suse specific. The sudo memory is (I think) standard for sudo on most
distributions (at least RedHat and Fedora, which I can verify). Nevertheless, it is indeed a
security issue.
Cheers,
Tim
--- Siegbert Baude
Jerry Westrick schrieb:
On Tuesday 15 November 2005 11:15, Jurzitza, Dieter wrote:
Dear listmembers, a big please: could you try
sudo -s <ROOTPASSWD> ROOTSHELL Ctrl-d (back to original shell)
sudo -s ROOTSHELL !!!! No question for password. This should never happen. !!!! Ctrl-d (back to original shell)
I perceive this as a serious bug. I see this here on SuSE 9.3 (both amd64 and i586) and have no other platform to test - any feedback is highly appreciated! The system asks again for the password after a certain amount of time (10min to 30min). I haven't debugged this with too much depth. Thanks in advance, take care
Dieter Jurzitza
Ditto SUSE 10.0 Pro (Comercial)...
The same on SUSE 9.2, but this is not a bug, it's a feature. "Man sudo" reveals this in the first paragraph, in the paragraph about sudo security you also find interesting pieces of information. To change this "man sudoers" says:
timestamp_timeout Number of minutes that can elapse before sudo will ask for a passwd again. The default is 5. Set this to 0 to always prompt for a password. If set to a value less than 0 the user's timestamp will never expire. This can be used to allow users to create or delete their own timestamps via sudo -v and sudo -k respectively.
Ciao Siegbert
-- Check the List-Unsubscribe header to unsubscribe For additional commands, email: suse-amd64-help@suse.com