Bug#429549: installation-report: option 'timestamp_timeout' in sudo config
On Mon, Jun 18, 2007 at 10:31:39PM +0400, Dmitry E. Oboukhov wrote:
> Current installer have 2 options:
> 1.set root password
> 2.don't set root password
> In case 2. the configuration file sudo created with the next settings
>
> user ALL=(ALL) ALL
>
> I suggest to add an option:
>
> timestamp_timeout 0
>
> This option will prevent getting root rights by malefactor who was
> succeed in getting shell on user account (for example through
> possible holes in brouser etc.)
>
> In current case a simple script that periodically runs 'sudo command'
> or more complicated script that follows for logs activity
> /var/log/auth and runs on this log activity 'sudo command' can get
> full control on a system where sudo configured by installer.
I don't think it's that simple. We tried that in Ubuntu three years ago,
and the net effect was that everyone got fed up of being prompted for
their password all the time and just ran 'sudo -s' to get a root shell.
We concluded that this was not a security win once we'd thought about it
in more detail, and reverted it.
--
Colin Watson [cjwatson@debian.org]
Reply to: