[sudo-users] Comparing -k and -K
Grant Taylor
gtaylor at tnetconsulting.net
Wed Dec 28 10:31:53 MST 2022
On 12/27/22 6:58 PM, Jason Franklin wrote:
> Now I understand why people use "-k" in their logout scripts.
I'm now wondering how likely it is that someone / something could
leverage remaining access.
E.g. Suppose I close an XTerm that I had just used sudo in, walked away
from, but did not lock my system. -- Could someone open a new XTerm,
somehow getting the same PTY, and leverage the remaining sudo credential
timeout?
I would naively assume that the caching couldn't be subverted that
easily. I would hope that there is more than just TTY / PTY to identify
the session. Ideally it should probably include PID and possibly even
PPID in addition to the TTY / PTY.
Can ~> will someone explain the potential vulnerability that flushing
the terminal's cached time with `-k` closes?
Thank you and have a good day.
--
Grant. . . .
unix || die
More information about the sudo-users
mailing list