Bug 101

Summary: Timestamps exist across reboots
Product: Sudo Reporter: Randall Wood <rhwood>
Component: SudoAssignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED INVALID    
Severity: security    
Priority: low    
Version: 1.6.6   
Hardware: PC   
OS: Linux   

Description Randall Wood 2003-03-11 10:21:45 MST 
Sudo timestamps exist across reboots (my system is Redhat Liniux 8.0). I do not
know that this behavior exists on other systems. I understand that sudo recieves
no notification that a system has rebooted, but I think that could be an issue,
although I know of no way to exploit this problem. I am also submitting this bug
to Redhat. Perhaps sudo could clean "stale" timestamps anytime a user attempts
to authenticate by testing that the timestamp is more recent than the last
system boot?
Comment 1 Todd C. Miller 2003-03-13 18:52:24 MST 
I don't consider this to be a bug.  Sudo puts its timestamps in /var/run or /tmp if there is no /var/run.  On most systems, both of these directories are cleaned out on reboot.  If RedHat doesn't do that I'd call it a bug in RedHat.