https://qa.mandrakesoft.com/show_bug.cgi?id=1668
------- Additional Comments From [EMAIL PROTECTED] 2003-02-17 17:47 ------- *** Bug 1724 has been marked as a duplicate of this bug. *** ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. ------- Reminder: ------- assigned_to: [EMAIL PROTECTED] status: RESOLVED creation_date: description: I run mcc on a remote machine for package update. These are the commands I run: 1. ssh <remote-machine> -l <non-root-username> 2. After login, I run "mcc" from commandline 3. It asks for root passwd. So far so good 4. mcc starts up after root passwd is given. I quit mcc. 5. Run "mcc" from commandline again. This time it starts without asking for root passwd !! Why ? 6. I quit mcc, logout of the remote machine. 7. Immediately, repeat steps 1 and 2. Mcc starts without asking for root passwd !! Is there a timer associated with the root passwd in the sense that once u authenticate, u have "tokens" that last for the next 2 minutes ? If that is true, why are these tokens valid even after the remote ssh connection has ended ? If not true, then its a severe security bug. If the non-root user who was issued these "tokens" logs out, the tokens must also vanish.
