Bug 112419 - root privileges remain after logout and reboot
Summary: root privileges remain after logout and reboot
Alias: None
Product: Fedora
Classification: Fedora
Component: pam   
(Show other bugs)
Version: rawhide
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Tomas Mraz
QA Contact:
Keywords: Security
: 111932 132112 (view as bug list)
Depends On:
TreeView+ depends on / blocked
Reported: 2003-12-19 14:19 UTC by Christoph Wickert
Modified: 2007-11-30 22:10 UTC (History)
3 users (show)

Fixed In Version: pam-0.77-66
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2004-11-16 12:38:36 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Christoph Wickert 2003-12-19 14:19:40 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5)
Gecko/20031110 Firebird/0.7

Description of problem:
pam_timestamp should "flush" root privileges on logout. 

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Log into KDE and start any app linked to userhelper 
2. Log out
3. Log in again

Actual Results:  The program is restored without passwort. Any other
app that requires root access can bee used, too.

Expected Results:  Passwords should be forgotten on logout and the
password dialog should appear before a programm with root privileges
can be started/restored.

Additional info:

Comment 1 Christoph Wickert 2003-12-19 14:50:35 UTC
Even happens after a reboot!

Comment 2 Tomas Mraz 2004-09-21 10:47:06 UTC
The easiest solution is probably to save login time of the current tty
to the timestamp file and check if it's the same when reusing the

Comment 3 Tomas Mraz 2004-10-08 11:52:10 UTC
*** Bug 132112 has been marked as a duplicate of this bug. ***

Comment 4 Tomas Mraz 2004-11-10 17:55:06 UTC
I have fix for this. Actually it's not necessary to save the login
time. It's enough to test if the oldest login time of the user is
older than the timestamp to allow access.

Comment 5 Tomas Mraz 2005-09-13 14:16:10 UTC
*** Bug 111932 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.