cross-platform virus
Peter Garrett
peter.garrett at optusnet.com.au
Sun Apr 9 01:43:59 BST 2006
On Sat, 8 Apr 2006 17:29:54 -0700
"Brian Burger" <blurdesign at gmail.com> wrote:
> > Is that really a possibility?
>
>
> AFAIK, yes.
>
> Try this: run 'sudo synaptic' as before, enter pw, then close Synaptic right
> away
> and try another sudo command from the same terminal you just used for Synaptic.
>
> You shouldn't be asked for a password for the 2nd sudo.
The balance of probabilities is still heavily stacked against the attacker
- the time-out applies only to the shell from which the sudo command is
run.
For instance, run
sudo echo foo
from one terminal - now open another and run it again from the new one.
You get asked for a password ( unless you were previously using pts/2 or
whatever the new shell is with sudo, and just reopened it)
In other words, if the user had just run synaptic from the menu , and then
opened a terminal and ran the malware affected program, sudo would still
request a password.
Peter
--
Linux User #343161
More information about the sounder
mailing list