Bug#429549: installation-report: option 'timestamp_timeout' in sudo config
Package: installation-reports
Version: 2.29
Severity: normal
Current installer have 2 options:
1.set root password
2.don't set root password
In case 2. the configuration file sudo created with the next settings
user ALL=(ALL) ALL
I suggest to add an option:
timestamp_timeout 0
This option will prevent getting root rights by malefactor who was
succeed in getting shell on user account (for example through
possible holes in brouser etc.)
In current case a simple script that periodically runs 'sudo command'
or more complicated script that follows for logs activity
/var/log/auth and runs on this log activity 'sudo command' can get
full control on a system where sudo configured by installer.
Reply to: