Introduction to sudo on first use.

Bug #65541 reported by Joseph Price on 2006-10-11
6
Affects Status Importance Assigned to Milestone
bash (Ubuntu)
Wishlist
Unassigned

Bug Description

Although sudo is explain on first launch of the terminal, i feel that it should stay there for more launches... say 10.

I've seen 3 people on ubuntuforum.org already today asking for help on enabling the root account and feel that they could be helped if this information was displayed longer.

Pricey

Gabriel Puliatti (predius) wrote :

Thanks for your report. Your idea might get more attention and have
the possibility of being implemented if you would submit a
specification for this.

You should first check whether it already exists at the Ubuntu specs
page (https://launchpad.net/distros/ubuntu/+specs) in Launchpad. If
that is the case, feel free to contact the drafter of that spec about
your comments/suggestions. Otherwise you can start writing a spec
following the steps described in
        https://wiki.ubuntu.com/FeatureSpecifications.

Changed in sudo:
status: Unconfirmed → Rejected
Martin Pitt (pitti) wrote :

Reopening again, such a small issue doesn't really warrant a spec. Even if it would, the bug should be open.

Changed in sudo:
importance: Undecided → Wishlist
status: Rejected → Confirmed
Thomas Hood (jdthood) wrote :

Something that should be explained to people using sudo for the first time is that sudo makes the terminal in which it is run vulnerable to malware after sudo has been used to run any command. (After the user does, e.g., "sudo tail /var/log/syslog", any other command the user runs in the same terminal can itself use sudo to elevate its privileges, until the timeout expires.) Users should perhaps be advised to run third party scripts only in freshly launched terminals.

Thomas Hood [2009-04-12 17:14 -0000]:
> Something that should be explained to people using sudo for the first
> time is that sudo makes the terminal in which it is run vulnerable to
> malware after sudo has been used to run any command. (After the user
> does, e.g., "sudo tail /var/log/syslog", any other command the user runs
> in the same terminal can itself use sudo to elevate its privileges,
> until the timeout expires.) Users should perhaps be advised to run
> third party scripts only in freshly launched terminals.

That wouldn't help really. First, your own user account has _much_
more interesting personal data than root's, and second, once you have
a local user account which can (and does from time to time), you lost
already, since that malware can always install aliases, fake gksu's,
and other tricks to lure you into giving away your password.

affects: sudo (Ubuntu) → bash (Ubuntu)
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers