Possible security risk (sudo & command history)
girish133 at yahoo.com
Fri Sep 24 18:21:14 UTC 2004
I don't know if this is a security threat but I am
able to run a sudo command without typing in my
1) sudo vi any-system-critical-file
2) input password
3) close out vi session
4) use the up arrow to find and run that command again
5) edit the file without having to enter in password
I'm able to rerun the sudo command without entering a
password by using the command history (up arrow) even
after I close the terminal and open a new one.
This could be extremely dangerous because I could
issue a sensitive root command, close it out, leave my
computer, and someone else could simply browse my
command history for a sudo command.
Do you Yahoo!?
Declare Yourself - Register online to vote today!
More information about the ubuntu-users