Thanks for this well-described bug report! I wonder if some people would describe the "authenticated old tty" issue as a "feature"? I would tend to agree, though, that it is surprising to open a terminal and not get prompted. I find your "Issue 2" the most compelling -- this should not be allowed to happen.
As you've hinted, the "original" solution, in the design of sudo in general, was for users to add "sudo -K" to their ~/.bash_logout file. However, I suspect that isn't a proper solution (especially for gksu/kdesu). I haven't checked, but if udev receives notifications about pts devices being removed, perhaps it could be responsible for running "sudo -K" (or something similar)? That might solve all three scenarios, though I'm curious about the double pts allocation with kdesu.

** This bug has been flagged as a security issue

--
sudo option "tty_tickets" gives false sense of security due to reused pts numbers
https://launchpad.net/bugs/87023
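The following is an added example, not part of the original message and not sudo's code: a toy model of tickets keyed by user and tty name, showing why a reused pts number skips the prompt and how cleanup on pts removal (the role suggested above for "sudo -K") closes the gap. The class names, the lowest-free-number allocator, the user name and the timeout value are assumptions made for illustration.

```python
# Toy model (not sudo's code): tickets keyed by (user, tty name), as with tty_tickets.
TIMEOUT = 15 * 60  # constructed timeout in seconds, for illustration only


class PtsAllocator:
    """Hands out the lowest free pts number, so closed numbers are reused."""

    def __init__(self):
        self.in_use = set()

    def open(self):
        n = 0
        while n in self.in_use:
            n += 1
        self.in_use.add(n)
        return f"pts/{n}"

    def close(self, tty):
        self.in_use.discard(int(tty.split("/")[1]))


class TicketStore:
    """Per-tty tickets: the key carries no notion of *which* terminal session."""

    def __init__(self):
        self.tickets = {}

    def authenticate(self, user, tty, now):
        self.tickets[(user, tty)] = now

    def needs_password(self, user, tty, now):
        stamp = self.tickets.get((user, tty))
        return stamp is None or now - stamp > TIMEOUT

    def kill(self, user, tty):
        # Stand-in for the cleanup step run when the pts goes away.
        self.tickets.pop((user, tty), None)


def scenario(cleanup_on_close):
    """Return True if a brand-new terminal is prompted for a password."""
    pts, store = PtsAllocator(), TicketStore()
    first = pts.open()
    store.authenticate("alice", first, now=0)   # user authenticates in terminal 1
    if cleanup_on_close:
        store.kill("alice", first)              # hook fires on pts removal
    pts.close(first)                            # terminal 1 is closed
    second = pts.open()                         # new terminal gets the same number
    return store.needs_password("alice", second, now=60)


if __name__ == "__main__":
    print("no cleanup, new terminal prompted:", scenario(False))
    print("cleanup on close, new terminal prompted:", scenario(True))
```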
