[sudo-workers] tty tickets

Robrecht Noens noensr at gmail.com
Wed Apr 7 16:40:01 EDT 2010


Hi,

I wrote a patch today that provides a boolean option "tty_check_time".
When this option is on and the tty_tickets option is on, the change-time
of the tty device is saved in the ticket. This should, under normal
circumstances, be the same as the creation time of the tty device
(creation time itself is never available in UNIX).

When sudo is called from a terminal, the change-time of the terminal
is compared with the value in the ticket. If it differs, the terminal has
probably been hijacked, so no access is granted.

If a ticket is empty, no access is granted and the ticket is deleted, so
the system keeps working when the option is set from off to on.

Patches are included. Let me know what you think of it.

Best regards,
Robrecht Noens
-------------- next part --------------
A non-text attachment was scrubbed...
Name: check.c.diff
Type: text/x-patch
Size: 3481 bytes
Desc: not available
URL: </pipermail/sudo-workers/attachments/20100407/8cdb9811/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: def_data.c.diff
Type: text/x-patch
Size: 426 bytes
Desc: not available
URL: </pipermail/sudo-workers/attachments/20100407/8cdb9811/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: def_data.h.diff
Type: text/x-patch
Size: 438 bytes
Desc: not available
URL: </pipermail/sudo-workers/attachments/20100407/8cdb9811/attachment-0002.bin>
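
The check described in the message above, as an added sketch. It is not the attached patch, which is not shown on this page, and it is not sudo's own code. The ticket layout (a bare time_t) and the names tty_change_time, ticket_write and ticket_check are hypothetical.

```c
/* Added illustration; the ticket layout and function names are hypothetical. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <time.h>
#include <unistd.h>

enum { TICKET_OK = 0, TICKET_DENY = -1 };

/* Change-time (st_ctime) of the tty device node; -1 if it cannot be stat'ed. */
int tty_change_time(const char *tty_path, time_t *out)
{
    struct stat sb;
    if (stat(tty_path, &sb) != 0)
        return -1;
    *out = sb.st_ctime;
    return 0;
}

/* After successful authentication: save the tty change-time in the ticket. */
int ticket_write(const char *ticket_path, time_t tty_ctime)
{
    int fd = open(ticket_path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0)
        return -1;
    ssize_t n = write(fd, &tty_ctime, sizeof(tty_ctime));
    close(fd);
    return n == (ssize_t)sizeof(tty_ctime) ? 0 : -1;
}

/* On a later call: compare the saved value with the tty's current change-time. */
int ticket_check(const char *ticket_path, time_t tty_ctime_now)
{
    time_t saved;
    int fd = open(ticket_path, O_RDONLY);
    if (fd < 0)
        return TICKET_DENY;               /* no ticket: authenticate again */
    ssize_t n = read(fd, &saved, sizeof(saved));
    close(fd);
    if (n != (ssize_t)sizeof(saved)) {    /* empty ticket from before the option */
        unlink(ticket_path);              /* delete it so a fresh one is written */
        return TICKET_DENY;
    }
    return saved == tty_ctime_now ? TICKET_OK : TICKET_DENY;
}
```

st_ctime also changes when the device node's owner or mode is changed, so a legitimate chown or chmod of the tty invalidates the ticket as well; the cost is one extra password prompt.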

