Bug 112419 - root privileges remain after logout and reboot
root privileges remain after logout and reboot
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: pam (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Tomas Mraz
: Security
: 111932 132112 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2003-12-19 09:19 EST by Christoph Wickert
Modified: 2007-11-30 17:10 EST (History)
3 users (show)

See Also:
Fixed In Version: pam-0.77-66
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-11-16 07:38:36 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Christoph Wickert 2003-12-19 09:19:40 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5)
Gecko/20031110 Firebird/0.7

Description of problem:
pam_timestamp should "flush" root privileges on logout. 

Version-Release number of selected component (if applicable):
pam-0.77-15

How reproducible:
Always

Steps to Reproduce:
1. Log into KDE and start any app linked to userhelper 
2. Log out
3. Log in again
    

Actual Results:  The program is restored without passwort. Any other
app that requires root access can bee used, too.

Expected Results:  Passwords should be forgotten on logout and the
password dialog should appear before a programm with root privileges
can be started/restored.

Additional info:
Comment 1 Christoph Wickert 2003-12-19 09:50:35 EST
Even happens after a reboot!
Comment 2 Tomas Mraz 2004-09-21 06:47:06 EDT
The easiest solution is probably to save login time of the current tty
to the timestamp file and check if it's the same when reusing the
timestamp.
Comment 3 Tomas Mraz 2004-10-08 07:52:10 EDT
*** Bug 132112 has been marked as a duplicate of this bug. ***
Comment 4 Tomas Mraz 2004-11-10 12:55:06 EST
I have fix for this. Actually it's not necessary to save the login
time. It's enough to test if the oldest login time of the user is
older than the timestamp to allow access.

Comment 5 Tomas Mraz 2005-09-13 10:16:10 EDT
*** Bug 111932 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.