On Sun, 2014-03-02 at 16:44 +0100, Cyril Brulebois wrote:
> Colin Watson <[email protected]> (2007-06-18):
> > On Mon, Jun 18, 2007 at 10:31:39PM +0400, Dmitry E. Oboukhov wrote:
> > > The current installer has 2 options:
> > > 1. set root password
> > > 2. don't set root password
> > > In case 2, the sudo configuration file is created with the following settings:
> > >
> > > user ALL=(ALL) ALL
> > >
> > > I suggest adding an option:
> > >
> > > timestamp_timeout 0
> > >
> > > This option will prevent a malefactor who succeeded in getting a shell
> > > on the user account (for example through possible holes in a browser
> > > etc.) from getting root rights.
> > >
> > > In the current case a simple script that periodically runs 'sudo
> > > command', or a more complicated script that follows log activity in
> > > /var/log/auth and runs 'sudo command' on this log activity, can get
> > > full control of a system where sudo was configured by the installer.
> >
> > I don't think it's that simple. We tried that in Ubuntu three years
> > ago, and the net effect was that everyone got fed up of being prompted
> > for their password all the time and just ran 'sudo -s' to get a root
> > shell. We concluded that this was not a security win once we'd
> > thought about it in more detail, and reverted it.
>
> Based on Colin's feedback, I don't think we want to add this option, so
> closing this bug report.
Also, doesn't modern sudo tie the password cache to the current (p|t)ty? In other words, you can't run an attack loop in one session and hope to use the password cached from another.

Ian.

Archive: https://lists.debian.org/[email protected]
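The thread turns on three sudoers settings: timestamp_timeout (0 = always prompt, negative = never expire), timestamp_type (tty vs global; the older spelling is tty_tickets / !tty_tickets), and the installer's "user ALL=(ALL) ALL" line. The audit helper below is an added example, not code from this thread or from the sudo or Debian projects; the function names are hypothetical, and it assumes a stock sudo build whose compiled-in defaults are a 15-minute timeout and per-tty tickets (the default since sudo 1.8.21).

```shell
#!/bin/sh
# Classify the credential-caching policy a sudoers file expresses, so an admin
# can see whether a cached ticket is shared across sessions (Dmitry's concern)
# or confined to one tty (Ian's point). Prints exactly one of:
#   always-prompt | per-tty-cache | global-cache | never-expire
sudoers_cache_policy() {
    file=$1
    # In sudoers the last matching Defaults entry wins, so keep the final value.
    timeout=$(sed -n 's/^[[:space:]]*Defaults.*timestamp_timeout[[:space:]]*=[[:space:]]*\(-\{0,1\}[0-9.]*\).*/\1/p' "$file" | tail -n 1)
    ttype=$(sed -n 's/^[[:space:]]*Defaults.*timestamp_type[[:space:]]*=[[:space:]]*\([a-z]*\).*/\1/p' "$file" | tail -n 1)
    # Older spelling: "Defaults !tty_tickets" means one ticket for all sessions.
    tickets=$(sed -n 's/^[[:space:]]*Defaults.*[[:space:],]\(!\{0,1\}\)tty_tickets.*/\1tty_tickets/p' "$file" | tail -n 1)
    if [ "$tickets" = "!tty_tickets" ] && [ -z "$ttype" ]; then
        ttype=global
    fi
    : "${timeout:=15}"   # assumed compiled-in default (stock sudo build)
    : "${ttype:=tty}"    # assumed default since sudo 1.8.21 (stock build)
    case $timeout in
        0|0.0) echo always-prompt ;;   # no ticket is ever cached
        -*)    echo never-expire ;;    # ticket valid until reboot or sudo -k
        *)     case $ttype in
                   global) echo global-cache ;;   # any session can reuse it
                   *)      echo per-tty-cache ;;  # tty/ppid/kernel: per session
               esac ;;
    esac
}

# Constructed samples: the installer-style sudoers quoted in the report, and
# the same file with the proposed timestamp_timeout 0 added.
demo_sudoers_policy() {
    tmp=$(mktemp) || return 1
    printf '%s\n' 'Defaults env_reset' 'user ALL=(ALL) ALL' > "$tmp"
    default=$(sudoers_cache_policy "$tmp")
    printf '%s\n' 'Defaults env_reset,timestamp_timeout=0' 'user ALL=(ALL) ALL' > "$tmp"
    proposed=$(sudoers_cache_policy "$tmp")
    rm -f "$tmp"
    echo "installer default: $default; with timestamp_timeout=0: $proposed"
}
```

Run it against a copy of /etc/sudoers (and files under /etc/sudoers.d) to see which of the four policies a host actually ends up with; a global-cache result is the one the report's scenario depends on.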

