[Bug 913735] Re: sudo is authorizing closed sessions

Grzemach 913735 at bugs.launchpad.net
Wed Jan 11 10:15:56 UTC 2012


** Visibility changed to: Public

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to sudo in Ubuntu.
https://bugs.launchpad.net/bugs/913735

Title:
  sudo is authorizing closed sessions

Status in “sudo” package in Ubuntu:
  New

Bug description:
  1. When I log in via SSH to the server and use "sudo command" there, I need to confirm this operation with the user password. After I log out and log in again, I don't need to use the password to confirm the user's privileges. The worst thing is that I don't need to use the same computer; I can do it from any computer in the same network (with the same external IP). I didn't test whether I can do the same thing from an external IP.
  So when an attacker is on the WiFi of our network, he can access the remote server without any problem. Like when he takes the SSH keys from our computer.
  2. When I have "screen" open and create a new screen window, do some sudo operations there, and close the window, then open a new window again, I can also do all sudo operations without any password prompts.

  I'm using the latest Ubuntu LTS on the server, with all updates.

  apt-cache policy sudo
  sudo:
    Zainstalowana: 1.7.2p1-1ubuntu5.3
    Kandydująca: 1.7.2p1-1ubuntu5.3
    Tabela wersji:
   *** 1.7.2p1-1ubuntu5.3 0
          500 ftp://mirror.ovh.net/mirrors/ftp.ubuntu.com/ubuntu/ lucid-updates/main Packages
          500 http://security.ubuntu.com/ubuntu/ lucid-security/main Packages
          100 /var/lib/dpkg/status
       1.7.2p1-1ubuntu5 0
          500 ftp://mirror.ovh.net/mirrors/ftp.ubuntu.com/ubuntu/ lucid/main Packages

  
  In my opinion this is a problem with sudo, and it should clear the privilege status on logout, on closing a screen window, and on closing the connection.
