sudo login cache is retained even after user logs out
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
sudo |
Unknown
|
Unknown
|
|||
sudo (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
When running sudo 2x in a short period, the second attempt uses cached credentials. That's all fine and good, but watch this:
[stephan@
stephan@
root@infomat-dev:~#
Summary:
a) i sudo'd to root. i was asked for a password, as expected.
b) i finished my work and logged out from root, then logged off of the remote system.
c) A few moments later i logged in again to the remote system and did 'sudo su -'.
d) i expected to be asked for my password, but the old credentials from my _previous_ login were reused.
IMO the credentials should be invalidated if the user logs out. The current behaviour is highly questionable. i would rather it not cache at all than to keep the cache valid after i log out.
ProblemType: Bug
DistroRelease: Ubuntu 10.10
Package: sudo 1.7.2p7-1ubuntu2.1
ProcVersionSign
Uname: Linux 2.6.35-28-generic x86_64
NonfreeKernelMo
Architecture: amd64
Date: Tue Jun 28 15:45:13 2011
InstallationMedia: Ubuntu 10.10 "Maverick Meerkat" - Release amd64 (20101007)
ProcEnviron:
PATH=(custom, user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: sudo
Thanks for taking the time to report this bug and helping to make Ubuntu better. This is not a bug, but rather expected behavior: /wiki.ubuntu. com/SecurityTea m/FAQ#Sudo
https:/
Please feel free to report any other bugs you may find.