Bug 88

Summary: Sudo timeout doesn't reset after disconnecting from the machine
Product: Sudo
Reporter: Aaron Howell <aaronh>
Component: Sudo
Assignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED WONTFIX
Severity: security
Priority: normal
Version: 1.6.3
Hardware: PC
OS: Linux

Description Aaron Howell 2002-06-21 17:09:56 MDT
Circumstances:
Logged into machine, ran "sudo <command>", logged out of machine.  Needed to
repeat process, logged back into machine, ran "sudo <command>" again, only this
time wasn't prompted for a password.

I read in the man page where you can use -k in .logout file, but I think the
default behavior should be to automagically expire a user's timestamp when they
log off the system.  The current behaviour could lead to the following scenario:

User "hansel" logs on, executes "sudo <command>", logs off.  Malicious user
"gretel", local to the system, gains access to hansel's account, and executes
"sudo <command>" as hansel.  In the event that hansel was ALL=(ALL) ALL in
/etc/sudoers this could lead to complete system compromise.

I left priority at "normal" as this would be rather difficult to take advantage
of, but I believe it can be done.  I have also verified that this ONLY works if
using the same tty.  If I execute "sudo <command>", and then log in on another
terminal, I cannot sudo without being prompted for a password.  If I exit and
initiate a new connection, as long as I get the same tty I had previously, I can
still execute commands without using a password.  It has also been verified that
this works from multiple networks, so I'm assuming that sudo only cares about
the username and tty.
Comment 1 Todd C. Miller 2004-05-12 14:52:48 MDT
There's no real way to do this since sudo is not running when you logout.