Bug 85967 - Sudo timestamps survive a system reboot
Sudo timestamps survive a system reboot
Status: CLOSED CURRENTRELEASE
Product: Red Hat Linux
Classification: Retired
Component: sudo (Show other bugs)
8.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: Thomas Woerner
Ben Levenson
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2003-03-11 12:38 EST by Randall Wood
Modified: 2007-04-18 12:51 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2003-04-23 06:31:28 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Randall Wood 2003-03-11 12:38:15 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20020830

Description of problem:
sudo timestamp files survive a system reboot. A workstation restarted using
"shutdown -rf now" can reboot within the 5 minute life of a sudo authentication
ticket. If a user logs in on the same terminal, sudo's ticket remains valid.

Version-Release number of selected component (if applicable):
sudo-1.6.6-1

How reproducible:
Always

Steps to Reproduce:
1.valid sudo user enters sudo /sbin/shutdown -rf now with valid password
2.if user logins to same terminal immediately after reboot, sudo -v does not
require authentication.
    

Actual Results:  I was required to authenticate myself

Expected Results:  I should have be required to authenticate

Additional info:

This bug has been submited to http://www.sudo.ws/sudo/bugs/show_bug.cgi?id=101
Comment 1 Mark J. Cox (Product Security) 2003-04-23 06:31:28 EDT
Sudo timestamp files are kept in /var/tmp/sudo.  The /etc/rc.d/rc.sysinit file
as part of the initscripts package shipped with 8.0 does not clean out the
/var/tmp/sudo directory.  The initscripts package shipped with Red Hat Linux 9
has been updated to clear out the /var/tmp/sudo directory.

Note You need to log in before you can comment on or make changes to this bug.