[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#429549: installation-report: option 'timestamp_timeout' in sudo config



Package: installation-reports
Version: 2.29
Severity: normal


Current installer have 2 options:
1.set root password
2.don't set root password
In case 2. the configuration file sudo created with the next settings

user   ALL=(ALL) ALL

I suggest to add an option:

timestamp_timeout 0

This option will prevent getting root rights by malefactor who was
succeed in getting shell on user account (for example through
possible holes in brouser etc.)

In current case a simple script that periodically runs 'sudo command'
or more complicated script that follows for logs activity
/var/log/auth and runs on this log activity 'sudo command' can get
full control on a system where sudo configured by installer.



Reply to: