?? What are you trying to point me at by sending me to the man page? The "Once a
user has been authenticated, a timestamp is updated and the user may then
use sudo without a password for a short period of time (5 minutes unless
overridden in sudoers)." part? I was aware of this. This is the normal sudo
behavior. My point is whether it is fine that sudo assumes that one user
connected on two different ttys should share the timestamp and execute sudo
commands without asking for a password, because then my paranoid scenario is
possible.

   Regards,

       Alvaro

2012/10/8 patrick keshishian <pkesh...@gmail.com>

> $ man sudo
>
> On Mon, Oct 8, 2012 at 4:19 PM, Alvaro Mantilla Gimenez
> <alv...@alvaromantilla.com> wrote:
> > Hi,
> >
> >   Today I found something weird in sudo behavior (at least I wasn't aware
> > of this). I logged in to my server using an ssh public key. Once I was in, I
> > executed 'sudo -i' to become root. My user has full sudo access using a
> > password. Everything normal so far. Then I needed to open a new terminal
> > (on my local computer) and opened a new ssh connection to the server again.
> > This second time, using a different tty, I executed 'sudo -i' again and the
> > server let me become root without asking for my password. Is this normal? I
> > can imagine a scenario where an attacker got the public and private key of
> > some user (but not the password) and just connects to the server and executes
> > sudo in a time frame near to the user's and gets root access. Should sudo
> > check, also, the tty of the user when it is asking for the password? I am
> > running OpenBSD 5.0 without any possibility to test that on 5.1 or current.
> > Could somebody test it? Is that the normal behavior of sudo?
> >
> >    Thanks so much in advance and kind regards,
> >
> >      Alvaro
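The two sudoers settings that govern the behaviour discussed in this thread, shown as an added illustration rather than anything posted by the participants: the shared per-user timestamp Alvaro observed, beside the per-tty variant. The `alvaro` user line is a placeholder; whether `tty_tickets` is on by default depends on the sudo version, so check `sudo -V` output as root rather than assuming.

```sudoers
# Added illustration, not from the thread. Edit with visudo, never directly.
# Pick ONE of the two "Defaults" groups below; a later Defaults line wins.

# --- Behaviour from the thread: one timestamp per user, shared by all ttys.
# A second ssh session within the window gets root without a password.
Defaults !tty_tickets
Defaults timestamp_timeout=5          # minutes, sudo's documented default

# --- Per-tty timestamp: the credential cache is bound to the tty on which
# the password was typed, so a new ssh session must authenticate again ...
Defaults tty_tickets
# ... and a shorter window (0 = always ask) limits what a stolen key alone buys.
Defaults timestamp_timeout=1

# Placeholder user entry (hypothetical): full access, password required.
alvaro ALL=(ALL) ALL
```

Independently of the configuration, `sudo -K` removes the user's cached timestamp, so running it before closing a session ends the window immediately.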
