[Bug 802997] Re: sudo login cache is retained even after user logs out
StephanBeal
802997 at bugs.launchpad.net
Tue Jun 28 13:50:44 UTC 2011
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to sudo in Ubuntu.
https://bugs.launchpad.net/bugs/802997
Title:
sudo login cache is retained even after user logs out
Status in “sudo” package in Ubuntu:
New
Bug description:
When running sudo 2x in a short period, the second attempt uses cached
credentials. That's all fine and good, but watch this:
[stephan at cheyenne:~/tmp]$ ssh imat-dev
stephan at infomat-dev:~$ sudo su -
root at infomat-dev:~#
Summary:
a) i sudo'd to root. i was asked for a password, as expected.
b) i finished my work and logged out from root, then logged off of the remote system.
c) A few moments later i logged in again to the remote system and did 'sudo su -'.
d) i expected to be asked for my password, but the old credentials from my _previous_ login were reused.
IMO the credentials should be invalidated if the user logs out. The
current behaviour is highly questionable. i would rather it not cache
at all than to keep the cache valid after i log out.
ProblemType: Bug
DistroRelease: Ubuntu 10.10
Package: sudo 1.7.2p7-1ubuntu2.1
ProcVersionSignature: Ubuntu 2.6.35-28.50-generic 2.6.35.11
Uname: Linux 2.6.35-28-generic x86_64
NonfreeKernelModules: fglrx
Architecture: amd64
Date: Tue Jun 28 15:45:13 2011
InstallationMedia: Ubuntu 10.10 "Maverick Meerkat" - Release amd64 (20101007)
ProcEnviron:
PATH=(custom, user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: sudo
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/802997/+subscriptions
More information about the foundations-bugs
mailing list