bug or feature?
Michael Schwendt
ms-nospam-0306 at arcor.de
Fri Dec 5 19:37:12 UTC 2003
On Fri, 05 Dec 2003 12:43:00 -0500, Elton Woo wrote:
> On Fri, 2003-12-05 at 12:13, Christoph Wickert wrote:
> > Hi there!
> >
> > Restoring sessions is a cool feature I think: In KDE, you can logout and
> > leave a konqueror window open, when you log in again, it will even try
> > to restore the last webpage you have viewed.
> >
> > But what do you think about this: As normal user I started
> > redhat-config-network and logged out a little later without exiting it.
> > Directly logged in (I needed to restart the X server) again and
> > redhat-config-network was restored WITHOUT ASKING FOR A PASSWORD!!!
> >
> > This is a massive security problem I think!
> I would STRONGLY recommend posting a bug report. This should not
> happen. Logging out should "flush" the root permissions, IMVHO.
It's the pam_timestamp module and is intended behaviour. It sets a cookie
for a limited time, so you don't need to repeat entering the root password
for subsequent sysconfig tools.
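
The following audit script is an added example, not part of the original message: it lists which PAM service files accept a pam_timestamp cookie and how long that cookie stays valid. The sample files are constructed (`example-tool` is a hypothetical service name), and the 300-second figure assumes pam_timestamp's documented default when no `timestamp_timeout=` option is set.

```shell
#!/bin/sh
# Added example: report PAM services that honour a pam_timestamp cookie.
DEFAULT_TIMEOUT=300   # assumed module default, in seconds, when no option is given

# audit_pam_timestamp DIR: print "service type timeout_seconds" for each rule
audit_pam_timestamp() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        awk -v svc="${f##*/}" -v def="$DEFAULT_TIMEOUT" '
            /^[ \t]*#/ { next }                  # ignore commented-out rules
            /pam_timestamp\.so/ {
                t = def
                for (i = 1; i <= NF; i++)        # look for an explicit lifetime
                    if ($i ~ /^timestamp_timeout=/) { split($i, kv, "="); t = kv[2] }
                print svc, $1, t
            }' "$f"
    done
}

# make_sample DIR: write constructed PAM service files (not real system files)
make_sample() {
    printf '%s\n' \
        'auth    sufficient pam_rootok.so' \
        'auth    sufficient pam_timestamp.so' \
        'auth    required   pam_stack.so service=system-auth' \
        'session optional   pam_timestamp.so' > "$1/redhat-config-network"
    printf '%s\n' \
        '#auth   sufficient pam_timestamp.so' \
        'auth    sufficient pam_timestamp.so timestamp_timeout=60' > "$1/example-tool"
    printf '%s\n' 'auth    required   pam_unix.so' > "$1/login"
}

# With a directory argument (for example /etc/pam.d) audit that directory;
# with no argument, audit the constructed sample.
if [ -n "${1:-}" ]; then
    audit_pam_timestamp "$1"
else
    d=$(mktemp -d) && make_sample "$d" && audit_pam_timestamp "$d"
    rm -rf "$d"
fi
```

Where the `pam_timestamp_check` helper is installed, its `-k` option removes the current cookie instead of waiting for it to expire.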