sudo privileges should die faster

Michel Clasquin clasqm at mweb.co.za
Mon Dec 20 21:57:17 UTC 2004


On Mon, 2004-12-20 at 22:02 +0100, josé ángel madrid gómez wrote:
> Sometimes it's an advantage, but this little advantage is a bit scary
> I'm talking about sudo, which is necessary to use some applications, or
> to run some commands. In both cases, you can type another command, or
> another app with sudo and it doesn't ask for the password. I think that
> this is like that because it has a 'living time'. If the command is
> launched before sudo has died, you get root permissions.
> Isn't it a bit dangerous?

I stand totally open to correction, but I think in order to exploit
this, somebody would already have to be logged on under your account
(i.e. he already has your password and can do his own sudo'ing as he
pleases)

Until I hear to the contrary, I won't lose any sleep over it.

> I keep on learning

ditto






More information about the ubuntu-users mailing list