Package: installation-reports Version: 2.29 Severity: normal
Current installer have 2 options: 1.set root password 2.don't set root password In case 2. the configuration file sudo created with the next settings user ALL=(ALL) ALL I suggest to add an option: timestamp_timeout 0 This option will prevent getting root rights by malefactor who was succeed in getting shell on user account (for example through possible holes in brouser etc.) In current case a simple script that periodically runs 'sudo command' or more complicated script that follows for logs activity /var/log/auth and runs on this log activity 'sudo command' can get full control on a system where sudo configured by installer. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
