bug or feature?
nosp
nosp at xades.com
Fri Dec 5 21:53:24 UTC 2003
On Fri, 2003-12-05 at 19:03, Christoph Wickert wrote:
> On Fri, 05.12.2003 at 18:58, nosp wrote:
> > On Fri, 2003-12-05 at 17:43, Elton Woo wrote:
> > > Logging out should "flush" the root permissions, IMVHO.
> >
> > I guess the motivation is that if user X successfully becomes root,
> > within a specified timeout period user X can become root again. I'm
> > sure that if user X became root, logged out, and user Y logged in, they
> > would *not* be able to take advantage of user X's cached privileges.
> > Seems like a good feature to me -- though I'm sure it can be disabled.
>
> I knew that this is a pam issue, but I fully agree with Elton: Root
> permissions need to be flushed when logging out.
Well it's for better minds than me to analyse the security, but I don't
see the difference a logout should make. One either thinks caching a
user's privilege escalation is good or bad. If it's good, why should
whether the user has/had an X session make a difference? What should
the behavior be if they have two X sessions and log out of just one?