Root authentication persists through GNOME logins (was sudo
security concerns ?)
Eric Dunbar
eric.dunbar at gmail.com
Fri Nov 26 12:55:28 CST 2004
Hi, this is something that I was intending to comment upon for a while now.
It seems that root authentication persists (for a short period)
through a logout-login cycle in GNOME.
e.g. I'll fire up Synaptic, enter the password to access it. Logout,
promptly log back in, fire up Synaptic again and I'm not prompted for
a password the second time around.
Eric.
On Fri, 26 Nov 2004 12:39:53 +0000, Colin Watson <cjwatson at canonical.com> wrote:
> On Fri, Nov 26, 2004 at 05:55:17AM +0000, Paul Sladen wrote:
> > On Thu, 25 Nov 2004, Karl Hegbloom wrote:
> > > Can a program or script running under my own UID monitor keystrokes and
> > > learn my sudo password?
> >
> > The question is the same when it comes to logging 'su' passwords. Under X,
> > it is fairly easier to record keystrokes if a program is not securing the
> > keyboard. That's an X issue and not related to sudo though.
>
> I'm not even sure it's really an X issue. Consider a modified xterm (or
> whatever) placed on the user's path.
>
> --
> Colin Watson [cjwatson at canonical.com]
>
>
>
> --
> ubuntu-devel mailing list
> ubuntu-devel at lists.ubuntu.com
> http://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
>
--
Sincerely, Eric Dunbar
More information about the ubuntu-devel
mailing list