Red Hat Bugzilla – Bug 85967
Sudo timestamps survive a system reboot
Last modified: 2007-04-18 12:51:57 EDT
From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20020830 Description of problem: sudo timestamp files survive a system reboot. A workstation restarted using "shutdown -rf now" can reboot within the 5 minute life of a sudo authentication ticket. If a user logs in on the same terminal, sudo's ticket remains valid. Version-Release number of selected component (if applicable): sudo-1.6.6-1 How reproducible: Always Steps to Reproduce: 1.valid sudo user enters sudo /sbin/shutdown -rf now with valid password 2.if user logins to same terminal immediately after reboot, sudo -v does not require authentication. Actual Results: I was required to authenticate myself Expected Results: I should have be required to authenticate Additional info: This bug has been submited to http://www.sudo.ws/sudo/bugs/show_bug.cgi?id=101
Sudo timestamp files are kept in /var/tmp/sudo. The /etc/rc.d/rc.sysinit file as part of the initscripts package shipped with 8.0 does not clean out the /var/tmp/sudo directory. The initscripts package shipped with Red Hat Linux 9 has been updated to clear out the /var/tmp/sudo directory.