Ubuntu
gksu package

Can't kill or abandon a gksudo session

Bug #180515 reported by Stuart Langridge
6
Affects Status Importance Assigned to Milestone
gksu (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

Binary package hint: gksu

It doesn't appear to be possible to "abandon" a gksudo session (i.e., make gksudo ask for your password again) other than waiting for it to time out. Command-line sudo supports -k and -K to do this; gksudo does not.

Revision history for this message
Jordan Erickson (lns) wrote :

I just realized this as well, after running "gksudo gconf-editor", logging out of Gnome, logging back in, and running the same command - it didn't re-prompt me for my password.

I'd say this is a security flaw, as you would expect to drop sudo privileges after logging out (just think if you were on a public terminal with a common user).

Revision history for this message
jtniehof (jtniehof) wrote :

gksudo uses the same timestamp file as sudo, so sudo -k (or -K) will also kill a gksudo authentication.

However, the "memory" is per tty, so opening a terminal and doing "sudo -k" will not "forget" the authentication one provided from e.g. running Synaptic from the menu. The key is to run sudo -k without opening a terminal: either add the "Run Application..." button to the panel and use that to run sudo -k (leave "run in terminal" unchecked), or do Add to Panel, Custom Application Launcher and put sudo -k as the command.

Unfortunately there's no easy facility for running a script on logout from Gnome, but recall that once you've logged out, someone would need to enter your password to log in anyhow.

Since this is functioning as designed, I'm closing this bug.

Changed in gksu (Ubuntu):
status: New → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.