Written by cdenley the 30 Jan 09 at 13:39.

By default, the timestamps should be disabled in /etc/sudoers, or sudo should do a better job of making sure the user is trying to use sudo from the same shell. Possibly check the PID and file name of the shell's process.

By default, the timestamps should be disabled in /etc/sudoers, or sudo should do a better job of making sure the user is trying to use sudo from the same shell. Possibly check the PID and file name of the shell's process.

Written by andruk the 31 Jan 09 at 15:10.

Timeouts for sudo are quite nice, and so you will not be able to remove them entirely by default (although there are ideas on Brainstorm to adjust the sudo time that will probably be implemented). The security issue is that you can sudo in a tty, then logout of the tty, log back in, and if you have done so within the sudo timeout you will not be asked to authenticate when you try to do something with sudo.

This is a security issue because a user may not realize that when they login the second time that their previous sudo "session" is still running.

I think that part of the logout process should kill any sudo "sessions" that are still alive.

Timeouts for sudo are quite nice, and so you will not be able to remove them entirely by default (although there are ideas on Brainstorm to adjust the sudo time that will probably be implemented). The security issue is that you can sudo in a tty, then logout of the tty, log back in, and if you have done so within the sudo timeout you will not be asked to authenticate when you try to do something with sudo. This is a security issue because a user may not realize that when they login the second time that their previous sudo "session" is still running. I think that part of the logout process should kill any sudo "sessions" that are still alive.

Written by cheesehead the 3 Feb 09 at 00:31.

If you feel this is a problem, end the sudo period manually anytime you wish with sudo's -k flag. You can also add it to your scripts, .bashrc, logouts, etc.

If you feel this is a problem, end the sudo period manually anytime you wish with sudo's -k flag. You can also add it to your scripts, .bashrc, logouts, etc.

Written by alexandros.java the 21 Mar 09 at 13:36.

Probably the System>Administration>Users and Groups should have options to configure various stuff regarding the /etc/sudoers file.

Probably the System>Administration>Users and Groups should have options to configure various stuff regarding the /etc/sudoers file.

Written by Lachu the 10 Jan 10 at 11:43.

Just allow user/program to set sudo caller id, like "xAr4a", itd. With key icon on tray, we can delay executing of all sudo command and showing warning in tray:
"Some program identified by xAr4a would execute action: rm -rf / . To avoid it, click key icon on tray. Command will be executed in " x " seconds" .

Also allow to set X Window Id, to allow user see at really command invoking in this shell tries ran this command(it should show the same identifier.

Just allow user/program to set sudo caller id, like "xAr4a", itd. With key icon on tray, we can delay executing of all sudo command and showing warning in tray: "Some program identified by xAr4a would execute action: rm -rf / . To avoid it, click key icon on tray. Command will be executed in " x " seconds" . Also allow to set X Window Id, to allow user see at really command invoking in this shell tries ran this command(it should show the same identifier.