Description of problem: "up2date -u" does not always request root privileges when logged in with ssh. Time since last request for "up2date -u" may matter (, 2 minutes?). BUT: running up2date -u, logging out, logging back in (all with ssh within a minute) would allow someone else (using same username and passwd) to run up2date. I guess this should not be. Version-Release number of selected component (if applicable): RedHat 9.0 How reproducible: elapsed time may matter, otherwise 90+% Steps to Reproduce: 1.login with ssh. run "up2date -u" (answer root passwd). logout. 2.login again with ssh (within a minute?) 3.run "up2date -u" ... do not get request for root passwd Actual results: root passwd not always needed to do privileged work may be a problem in other settings as well? Expected results: should request root privileges EVERY time Additional info: will keep watching this
up2date does no handling of aquiring root privs itself, thats the userhelper/consolehelper utils from the "usermode" package (and it sounds like in this case, the pam_timestamp setup). reassigning to usermode
Workaround: put "sudo -k" in your .bash_logout. That should clear the timestamp.
*** This bug has been marked as a duplicate of 112419 ***