Bug 112419

Summary: root privileges remain after logout and reboot
Product: [Fedora] Fedora Reporter: Christoph Wickert <christoph.wickert>
Component: pamAssignee: Tomas Mraz <tmraz>
Status: CLOSED RAWHIDE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: michal, t8m, wolframjar
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: pam-0.77-66 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2004-11-16 12:38:36 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Christoph Wickert 2003-12-19 14:19:40 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5)
Gecko/20031110 Firebird/0.7

Description of problem:
pam_timestamp should "flush" root privileges on logout. 

Version-Release number of selected component (if applicable):
pam-0.77-15

How reproducible:
Always

Steps to Reproduce:
1. Log into KDE and start any app linked to userhelper 
2. Log out
3. Log in again
    

Actual Results:  The program is restored without passwort. Any other
app that requires root access can bee used, too.

Expected Results:  Passwords should be forgotten on logout and the
password dialog should appear before a programm with root privileges
can be started/restored.

Additional info:

Comment 1 Christoph Wickert 2003-12-19 14:50:35 UTC
Even happens after a reboot!

Comment 2 Tomas Mraz 2004-09-21 10:47:06 UTC
The easiest solution is probably to save login time of the current tty
to the timestamp file and check if it's the same when reusing the
timestamp.


Comment 3 Tomas Mraz 2004-10-08 11:52:10 UTC
*** Bug 132112 has been marked as a duplicate of this bug. ***

Comment 4 Tomas Mraz 2004-11-10 17:55:06 UTC
I have fix for this. Actually it's not necessary to save the login
time. It's enough to test if the oldest login time of the user is
older than the timestamp to allow access.



Comment 5 Tomas Mraz 2005-09-13 14:16:10 UTC
*** Bug 111932 has been marked as a duplicate of this bug. ***