On Fri, Jul 3, 2020 at 10:09 PM Samuel Sieb <samuel@xxxxxxxx> wrote: > On 7/3/20 12:53 PM, ToddAndMargo via users wrote: >> Oh of interest, Xfce Pol kit has a YUGE security hole that I >> reported a while back that has yet to be addressed: >> >> xfce pol kit lets others sneak in >> https://github.com/ncopa/xfce-polkit/issues/5 > > That's not a huge security hole and it doesn't let others sneak in > unless they have access to your user for some reason. +1 There's a hard-coded 5-minute timeout in polkit. (sudoers has a "timestamp_timeout" option.) > That's also standard behaviour for sudo. By default, sudo uses one timestamp per tty and allows you to run sudo without authentication for 5 minutes on the same tty. You have to change "timestamp_type" in sudoers to be able to use sudo on multiple ttys with one authentication. _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
