[sudo-users] Comparing -k and -K
Grant Taylor
gtaylor at tnetconsulting.net
Wed Dec 28 18:10:36 MST 2022
On 12/28/22 11:02 AM, Todd C. Miller via sudo-users wrote:
> Each user has their own cached credential file so it is not possible
> for a different user to re-use them.
I assumed that crossing users was protected against.
> However, it is possible, though not trivial, for the same user to
> do so.
My question was more as if someone walked up to your workstation after
you walked away without locking it and opened a new terminal as you. So
it's no longer you but still using your access on the system.
> Yes, it also uses the session ID. The format is documented in the
> sudoers_timestamp manual.
ACK
> If the same user was to log in via the same terminal and have the same
> session ID they could use the old cached credentials. This would
> likely require creating enough processes to wrap around the process
> ID namespace to get to the desired session ID. I have never tried
> to do this, but it should be possible.
*nod*nod*
Thank you for explaining.
--
Grant. . . .
unix || die