[Bug 802997] Re: sudo login cache is retained even after user logs out

[Micah Gersten]

This was actually fixed in natty as 1.7.3 enabled clearing the catch on
logout for pseudo ttys with per tty tickets enabled and 1.7.4 enabled
per tty tickets by default.

** Changed in: sudo (Ubuntu)
       Status: Invalid => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to sudo in Ubuntu.
https://bugs.launchpad.net/bugs/802997

Title:
  sudo login cache is retained even after user logs out

Status in sudo:
  Unknown
Status in “sudo” package in Ubuntu:
  Fix Released

Bug description:
  When running sudo 2x in a short period, the second attempt uses cached
  credentials. That's all fine and good, but watch this:

  [stephan at cheyenne:~/tmp]$ ssh imat-dev
  stephan at infomat-dev:~$ sudo su -
  root at infomat-dev:~# 

  Summary:

  a) i sudo'd to root. i was asked for a password, as expected.
  b) i finished my work and logged out from root, then logged off of the remote system.
  c) A few moments later i logged in again to the remote system and did 'sudo su -'.
  d) i expected to be asked for my password, but the old credentials from my _previous_ login were reused.

  IMO the credentials should be invalidated if the user logs out. The
  current behaviour is highly questionable. i would rather it not cache
  at all than to keep the cache valid after i log out.

  ProblemType: Bug
  DistroRelease: Ubuntu 10.10
  Package: sudo 1.7.2p7-1ubuntu2.1
  ProcVersionSignature: Ubuntu 2.6.35-28.50-generic 2.6.35.11
  Uname: Linux 2.6.35-28-generic x86_64
  NonfreeKernelModules: fglrx
  Architecture: amd64
  Date: Tue Jun 28 15:45:13 2011
  InstallationMedia: Ubuntu 10.10 "Maverick Meerkat" - Release amd64 (20101007)
  ProcEnviron:
   PATH=(custom, user)
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: sudo

To manage notifications about this bug go to:
https://bugs.launchpad.net/sudo/+bug/802997/+subscriptions