This report is now a few years old and I'm seeing an interesting behavior of sudo:
1. First I'm cleaning /var/lib/sudo/$USER as root with "rm -rf /var/lib/sudo/sworddragon/*".
2. Then I'm opening a terminal with my user account.
3. Typing tty returns /dev/pts/2.
4. Then I'm typing "sudo true" and entering my correct password.
5. Typing "md5sum /var/lib/sudo/sworddragon/2" as root returns "6ec673eac24f4e2fc0c5fa149eebfcef /var/lib/sudo/sworddragon/2".
6. Then I'm closing the terminal on /dev/pts/2 and opening it again.
7. Typing tty returns /dev/pts/2.
8. On typing "sudo true" I'm asked again for my password.
9. Instead of typing my password, I'm now typing as root again "md5sum /var/lib/sudo/sworddragon/2", which returns "6ec673eac24f4e2fc0c5fa149eebfcef /var/lib/sudo/sworddragon/2".
10. Typing "ls -a /var/lib/sudo/sworddragon" as root returns ". .. 2".

This means that even on getting the same pts, without /var/lib/sudo/sworddragon/2 expiring, sudo asks me for my password. Can somebody tell me where the security mechanism is hiding here? Also, are the cases in this ticket still a problem, or are they maybe already fixed?

--
https://bugs.launchpad.net/bugs/87023

Title:
  sudo option "tty_tickets" gives false sense of security due to reused pts numbers

--
ubuntu-bugs mailing list
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
