Possible security risk (sudo & command history)
Brian Yoon
girish133 at yahoo.com
Fri Sep 24 18:21:14 UTC 2004
I don't know if this is a security threat but I am
able to run a sudo command without typing in my
password.
1) sudo vi any-system-critical-file
2) input password
3) close out vi session
4) use the up arrow to find and run that command again
5) edit the file without having to enter in password
I'm able to rerun the sudo command without entering a
password by using the command history (up arrow) even
after I close the terminal and open a new one.
This could be extremely dangerous because I could
issue a sensitive root command, close it out, leave my
computer, and someone else could simply browse my
command history for a sudo command.
_______________________________
Do you Yahoo!?
Declare Yourself - Register online to vote today!
http://vote.yahoo.com
More information about the ubuntu-users
mailing list