Red Hat Bugzilla – Bug 186808
sudo remembers passwd across gnome-terminals
Last modified: 2007-11-30 17:11:28 EST
Description of problem:
When I use sudo to run a priveleged command in gnome-terminal, I wish to close
the terminal so sudo cannot be used again. However if a new gnome-terminal is
started soon after and a sudo command is run, sudo does not ask for a password.
I have noticed that this has been a problem for a quite a few versions of
fedora. This seems like a minor security risk as I would expect sudo to work per
terminal and so closing a terminal would "forget" that sudo had previously been
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Open gnome-terminal and use sudo to execute a command (requiring passwd)
2. Close gnome-terimal.
3. Open new terminal(s)
4. run a new sudo command
sudo runs without requiring a passwd
sudo should ask for a password before continuing
this seems to be the case with xterm , and so persumably, other apps too.
The password timestamp is not terminal specific and it's valid for all
terminals. You can disable this feature by timestamp_timeout=0 option in the
/etc/sudoers file. For more details see man sudo and man sudoers.