Really? If the terminal I last ran sudo in is open still on the machine, and it's unlocked, I couldn't simply change the time back to the previous sudo command and escalate?
Even if it's a remote chance, it's still an easy exploit.
/var/log/auth.log is certainly readable by a program that uses a different exploit to gain access to that admin user (say, a browser exploit) and contains the PTY and timestamp. It doesn't even have to be exact: It just has to be ~ 15 minutes after the last sudo, right?
This is a simple upgrade that even your parent distribution has adopted for their stable. Why ignore it for over a year? Can you please show me the information about the inode? My impression was that it was based on the SID, rather than inode, but perhaps that has changed.