When I log in, openbox starts and it lasts a bit until conky, background and the taskbar are loaded.
In this time you are able to get root access by running for example "gksudo thunar".
Then gksudo doesn't ask for a password.
sudo nano /etc/sudoers
from man sudoers:
Number of minutes that can elapse before sudo will ask for a passwd again. The timeout may include a fractional component if minute granularity is insufficient, for example 2.5. The default is 15. Set this to 0 to always prompt for a password. If set to a value less than 0 the user's timestamp will never expire. This can be used to allow users to create or delete their own timestamps via sudo -v and sudo -k respectively
Number of minutes before the sudo password prompt times out, or 0 for no timeout. The timeout may include a fractional component if minute granularity is insufficient, for example 2.5. The default is 0.
Last edited by bp (2013-01-06 10:49:07)
^ I think k40s means that, during that brief period while Conky and Tint2 are loading, gksudo can launch applications as root without an initial dialog requesting the sudoers password. If this is indeed the case, then I think this does represent a vulnerability that can potentially be exploited by malicious software.
I'm a moderator here. How are we doing? Feedback is encouraged.