[sudo-users] question about timestamp
Glenn Gauthier
gauthier at mac.com
Sat Jul 14 15:31:41 EDT 2007
I believe this is what you are looking for:

    tty_tickets
        If set, users must authenticate on a per-tty basis. Normally, sudo
        uses a directory in the ticket dir with the same name as the user
        running it. With this flag enabled, sudo will use a file named for
        the tty the user is logged in on in that directory. This flag is off
        by default.

By default, the same account on two different terminal sessions can
use the same timestamp. But you can disable that.

On Jul 13, 2007, at 7:45 AM, ArameFarpado wrote:
> Hi, during the timestamp when a user can sudo commands without retyping the
> password, does sudo accept commands from any program that has the UID of the
> same user?
> example:
> opened a konsole, launched a sudo command, typed password... then during
> timestamp the same user can launch more sudo commands without retyping the
> password. must these commands be launched from the same konsole or could they
> be launched from another konsole or another program as long as they have
> been started by the same user?
> in other words: can a program (like a game, with secondary malware
> instructions) launch sudo commands during timestamp? as long as that game has
> the UID of the sudoer that launched the first sudo?
>
> Or, does sudo detect and reject sudo commands that were launched by another
> program, and only allow human typed commands?
>
> Thanks a lot
> ArameFarpado
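
Added example (not part of the original thread and not sudo's own code): a small Python check that reads sudoers text and reports whether the global Defaults leave tty_tickets enabled, treating it as off when unset, as the manual excerpt in the reply states. The sample sudoers text and the function names are constructed for illustration; only unscoped Defaults lines are considered, and quoted values containing commas are not handled.

```python
import re

# Constructed sample sudoers text (not taken from the thread).
SAMPLE_SUDOERS = """\
# constructed example
Defaults env_reset, \\
         !tty_tickets
Defaults:alice tty_tickets
Defaults timestamp_timeout=5
Defaults tty_tickets   # re-enabled later; the last setting wins
alice ALL=(ALL) ALL
"""

def logical_lines(text):
    """Yield non-empty lines with backslash continuations joined.
    Everything after '#' is dropped, which is only safe for the
    Defaults lines this check cares about."""
    buf = ""
    for raw in text.splitlines():
        if raw.endswith("\\"):
            buf += raw[:-1] + " "
            continue
        line = (buf + raw).split("#", 1)[0].strip()
        buf = ""
        if line:
            yield line

def global_defaults(text):
    """Return settings from unscoped 'Defaults' lines, later ones overriding."""
    settings = {}
    for line in logical_lines(text):
        # Scoped forms (Defaults:user, Defaults@host, ...) do not match here.
        m = re.match(r"Defaults\s+(.*)", line)
        if not m:
            continue
        for item in filter(None, (i.strip() for i in m.group(1).split(","))):
            if item.startswith("!"):
                settings[item[1:].strip()] = False   # negated boolean flag
            elif "=" in item:
                name, value = item.split("=", 1)
                settings[name.strip()] = value.strip().strip('"')
            else:
                settings[item] = True                # plain boolean flag
    return settings

def per_tty_tickets(text):
    """True if tickets are per-tty; off when unset, per the quoted manual text."""
    return global_defaults(text).get("tty_tickets", False) is True

if __name__ == "__main__":
    print("per-tty tickets:", per_tty_tickets(SAMPLE_SUDOERS))
```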