[sudo-users] question about timestamp

Glenn Gauthier gauthier at mac.com
Sat Jul 14 15:31:41 EDT 2007

I believe this is what you are looking for:

	If set, users must authenticate on a per-tty basis. Normally, sudo  
uses a directory in the ticket dir with the same name as the user  
running it. With this flag enabled, sudo will use a file named for  
the tty the user is logged in on in that directory. This flag is off  
by default.

By default, the same account on two different terminal sessions can  
use the same timestamp. But you can disable that.

On Jul 13, 2007, at 7:45 AM, ArameFarpado wrote:

> Hi, during the timestamp when a user can sudo commands without re- 
> typing the
> password, does sudo accept commands from any program has the UID of  
> the same
> user?
> example:
> opened a konsole, launch a sudo command, typed password... then during
> timestamp the same user can launch more sudo commands whitout  
> retyping the
> password. does this commands must be lauched from the same konsole  
> or they
> could be lauch from another konsole or another program as long as  
> they have
> been started by the same user?
> in other words: can a program (like a game, whit secundary malware
> instructions) launch sudo commands during timestamp? as long as  
> that game has
> the UID of the sudoer that launched the first sudo?
> Or, does sudo detects and rejects sudo commands that wore lauched  
> by another
> program, and only allow human typed commands?
> Thanks a lot
> ArameFarpado
> ____________________________________________________________
> sudo-users mailing list <sudo-users at sudo.ws>
> For list information, options, or to unsubscribe, visit:
> http://www.sudo.ws/mailman/listinfo/sudo-users

More information about the sudo-users mailing list