|
Bugzilla – Full Text Bug Listing |
| Summary: | Commands (not prefixed by "sudo") can acquire root permissions without the user noticing it | ||
|---|---|---|---|
| Product: | Sudo | Reporter: | pnd23 |
| Component: | Sudo | Assignee: | Todd C. Miller <Todd.Miller> |
| Status: | RESOLVED FIXED | ||
| Severity: | security | CC: | glen, pnd23 |
| Priority: | high | ||
| Version: | 1.8.20 | ||
| Hardware: | PC | ||
| OS: | Linux | ||
| Attachments: | Open root terminals from file managers started as a non-root user | ||
This sounds like it is the same as what is described in https://www.sudo.ws/pipermail/sudo-workers/2017-July/001108.html Sudo commands run in the same terminal session share a common time stamp record. In sudo 1.8.21 it will be possible to use the parent process ID to restrict the time stamp to commands run by the same process, usually the shell. Also see: https://www.sudo.ws/repos/sudo/rev/426161a2e06f In sudo 1.8.21 you can use the following in your sudoers file: Defaults timestamp_type=ppid to change the time stamp records from per-tty to per-parent-process. That should address your issue. This may become the default in a future sudo release. this looks backward breaking change,
or i can still disable tty tickets using old syntax? --
!tty_tickets
The old syntax is still supported. |
Created attachment 498 [details] Open root terminals from file managers started as a non-root user Processes that have been started in a terminal session in which sudo has been used (before or after these processes' startup), or dependent processes from such processes, can be used to create processes with root permissions without the user noticing it. (see attachment)