Bug 101 - Timestamps exist across reboots
Timestamps exist across reboots
Status: RESOLVED INVALID
Product: Sudo
Classification: Unclassified
Component: Sudo
1.6.6
PC Linux
: low security
Assigned To: Todd C. Miller
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2003-03-11 10:21 MST by Randall Wood
Modified: 2003-03-13 22:52 MST (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Randall Wood 2003-03-11 10:21:45 MST
Sudo timestamps exist across reboots (my system is Redhat Liniux 8.0). I do not
know that this behavior exists on other systems. I understand that sudo recieves
no notification that a system has rebooted, but I think that could be an issue,
although I know of no way to exploit this problem. I am also submitting this bug
to Redhat. Perhaps sudo could clean "stale" timestamps anytime a user attempts
to authenticate by testing that the timestamp is more recent than the last
system boot?
Comment 1 Todd C. Miller 2003-03-13 18:52:24 MST
I don't consider this to be a bug.  Sudo puts its timestamps in /var/run or /tmp if there is no /var/run.  On most systems, both of these directories are cleaned out on reboot.  If RedHat doesn't do that I'd call it a bug in RedHat.