cross-platform virus
Sasha Tsykin
stsykin at gmail.com
Sun Apr 9 12:12:09 BST 2006
Yuki Cuss wrote:
> On Sun, 2006-04-09 at 10:49 +1000, Peter Garrett wrote:
>> Indeed, you are right - perhaps the sudo "ticket" in this case should
>> apply only for the app concerned. Not sure if that is possible, but this
>> does look like a loophole.... Any app requiring sudo seems to open happily
>> without a password if started after, say, synaptic during the time out
>> period. : ( ...
>
> Not a loophole at all; that's the entire *point* of sudo - that it won't
> ask for another password. That usefulness is greatly reduced when you
> start saving tokens per-program/command line.
>
> - Yuki.
>
But it is at least arguable that this is an insecure practice. It may be
"the point," but that does not make it a good idea necessarily.
Sasha
More information about the sounder
mailing list