Hello, On Tue, 12 Aug 2014, Sid Boyce wrote:
On 11/08/14 22:07, David Haller wrote:
Before SuSE was born there was glibc5 vs glibc6. Others like KDE3 vs KDE4, pulseaudio, going away from using a root password in favour of "sudo su" and the user password *Yikes*!?!?! Is oS shipping a sudoers that allows that? *looks into
On Sun, 10 Aug 2014, Sid Boyce wrote: the 13.1 VM* *ARGH* Albeit with "targetpw".
That's the default behaviour in Ubuntu to this day. If you need to do anything that needs root privileges, it's "sudo <command>" upon which it asks for the user password.
I know. [..]
So unless the admin changes the password for ubuntu or explicitly sets up a root password there is that large gaping hole.
There's also the timeout while one does not have to reenter the PW ... Just think of a browser-bug that can execute shell-code. Just try 'sudo su -' or something inconspicously every so often until at some point you try inside the timeout since the user has called sudo <whatever>... *bingo* In my sudoers, root can do everything, users can call some very few programs (with parameters) without passwd and nothing else. Neither with their own nor root's PW. -dnh -- Intel engineering seem to have misheard Intel marketing strategy. The phrase was "Divide and conquer" not "Divide and cock up" -- Alan Cox, iialan@www.linux.org.uk -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org