Thanks for the answer. If I'm not wrong ctime has a nanosecond resolution. The only way to abuse this is if:
- The tty/pts gets closed. - The time adjusts to the past (for example due to ntp). - The next opened console/terminal gets the same number and is created exactly at the same time. While this is theoretically possible it should only be seen as an extremely rare race-condition. Also normally while the user opens a terminal, types sudo and enters his password at least a few seconds will be gone. Normally the adjustment of ntp is only a few milliseconds. If I'm not wrong here too ntp refuses to adjust the time to a too far point. So this is a very nice security mechanism of sudo (does gksudo build on sudo too and benefit from this?). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/87023 Title: sudo option "tty_tickets" gives false sense of security due to reused pts numbers To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/87023/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
