[Bug 913735] Re: sudo is autorizing closed sessions
Grzemach
913735 at bugs.launchpad.net
Wed Jan 11 10:15:56 UTC 2012
** Visibility changed to: Public
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to sudo in Ubuntu.
https://bugs.launchpad.net/bugs/913735
Title:
sudo is autorizing closed sessions
Status in “sudo” package in Ubuntu:
New
Bug description:
1. When i login via SSH to server, there i will use "sudo comand" i need to confirm this operation via user password. After logout, and when i will login again - i don't need use password to confirm users privileges. Worst thing is that i don't need to use same computer, i can do it just from any computer in same network (with same external IP) - i didn't test if from external IP i can do same thing.
So when attacer is in WiFi of our network, he can without any problem have access to remote server. Like when he will take SSH-keys from our computer.
2. When i have opened "screen" and i will create new screen window - do some sudo operations there, close window. Next i will open again new window - also i can do all sudo operations without any password prompts.
I'm using latest Ubuntu LTS on server. With all updates.
apt-cache policy sudo
sudo:
Zainstalowana: 1.7.2p1-1ubuntu5.3
Kandydująca: 1.7.2p1-1ubuntu5.3
Tabela wersji:
*** 1.7.2p1-1ubuntu5.3 0
500 ftp://mirror.ovh.net/mirrors/ftp.ubuntu.com/ubuntu/ lucid-updates/main Packages
500 http://security.ubuntu.com/ubuntu/ lucid-security/main Packages
100 /var/lib/dpkg/status
1.7.2p1-1ubuntu5 0
500 ftp://mirror.ovh.net/mirrors/ftp.ubuntu.com/ubuntu/ lucid/main Packages
In my opinion this is problem with sudo, and it should clear privilege status on logout/screen close window/close connection.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/913735/+subscriptions
More information about the foundations-bugs
mailing list