Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Remove insecure root 'grace period' from sudo' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Remove insecure root 'grace period' from sudo
Authored by: thype on Jun 01, '05 12:44:16PM

Yes insults does not really need to be there. I just did a copy paste of what my servers have set.

I tested this, and since the tty_tickets and timestamp_timeout=0 are set as defaults, some installs have asked me to login multiple times.

This may have been due to the way the installs worked, but without the above, running sudo once allows any tty access to the same ticket of authority and can keep it open as long as it wants, or until the process is killed.

I am of the belief this works in the same fashion as any *NIX OS, less I am wrong.



[ Reply to This | # ]
Remove insecure root 'grace period' from sudo
Authored by: greed on Jun 01, '05 03:16:20PM
By default, you've got "timestamp_timeout" amount of time from a password prompt to invoke "sudo" again without being prompted for a password.

With "tty_tickets", you're ticket is only good on a single TTY, if you change TTYs but are still within the timeout period, you'll have to type your password.

So, by setting "timestamp_timeout" to 0, you must always enter a password, even if you do two sudos in a row on the same TTY:

sudo true ; sudo true

tty_tickets isn't much help in securing things, because all Cocoa/Carbon apps run under the same TTY ("console"). So the only way to prevent something from taking advantage of you authenticating an installer is to clear the timeout and key the password multiple times instead.

It Would Be Nice if you could set up timestamp_timeout on "console" to 0, but keep it at several minutes for /dev/tty*, so that your Terminal.app, xterm, iTerm.app, and so on windows work as usual.

And yes, this is all standard-on-all-UNIXes behavior of sudo. The unusual thing is the way Apple has automatic sudo in several spots in the GUI. (And I'll give them credit for just using sudo, rather than inventing yet another tool for the job. Though it did expose the timestamp_timeout risk in a way that most sudo-ers don't anticipate--I've tightened up sudo on all my systems as a result.)

[ Reply to This | # ]

Remove insecure root 'grace period' from sudo
Authored by: thype on Jun 01, '05 04:04:45PM

THANX for the clarification.

I was thinking about that after, and found noway to differentiate timeouts for console. There is software to handle this, but nothing that works well, or securely.



[ Reply to This | # ]