[sudo-users] question about timestamp
ArameFarpado
a-farpado.spam at netcabo.pt
Sat Jul 14 17:56:43 EDT 2007
Thanks :)
Em Sábado, 14 de Julho de 2007, Glenn Gauthier escreveu:
> I believe this is what you are looking for:
>
> tty_tickets
> If set, users must authenticate on a per-tty basis. Normally, sudo
> uses a directory in the ticket dir with the same name as the user
> running it. With this flag enabled, sudo will use a file named for
> the tty the user is logged in on in that directory. This flag is off
> by default.
>
>
>
> By default, the same account on two different terminal sessions can
> use the same timestamp. But you can disable that.
>
> On Jul 13, 2007, at 7:45 AM, ArameFarpado wrote:
> > Hi, during the timestamp when a user can sudo commands without re-
> > typing the
> > password, does sudo accept commands from any program has the UID of
> > the same
> > user?
> > example:
> > opened a konsole, launch a sudo command, typed password... then during
> > timestamp the same user can launch more sudo commands whitout
> > retyping the
> > password. does this commands must be lauched from the same konsole
> > or they
> > could be lauch from another konsole or another program as long as
> > they have
> > been started by the same user?
> > in other words: can a program (like a game, whit secundary malware
> > instructions) launch sudo commands during timestamp? as long as
> > that game has
> > the UID of the sudoer that launched the first sudo?
> >
> > Or, does sudo detects and rejects sudo commands that wore lauched
> > by another
> > program, and only allow human typed commands?
> >
> > Thanks a lot
> > ArameFarpado
> > ____________________________________________________________
> > sudo-users mailing list <sudo-users at sudo.ws>
> > For list information, options, or to unsubscribe, visit:
> > http://www.sudo.ws/mailman/listinfo/sudo-users
More information about the sudo-users
mailing list