I'm not sure this really qualifies as a security bug, because you
explicitly allow some privilege escalation by setting a user as not
requiring a password to login. And for an admin that is aware of this
problem there are a couple of ways to keep the "no password" login but
have a safe sudo: https://wiki.ubuntu.com/SecurityTeam/FAQ#Sudo
As sudo has already the capacity to wipe the timestamp with "sudo -k" I
think this is more an issue of gnome-session calling this command on
logout. I'm therefore adding the gnome-session package to this bug.
** Also affects: gnome-session (Ubuntu)
Importance: Undecided
Status: New
--
logging out of GNOME session should invalidate sudo tty tickets
https://bugs.launchpad.net/bugs/46890
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
