On Sun, Jul 5, 2020 at 3:50 AM ToddAndMargo via users <users@xxxxxxxxxxxxxxxxxxxxxxx> wrote: > On 2020-07-03 13:56, Tom H wrote: >> On Fri, Jul 3, 2020 at 10:09 PM Samuel Sieb <samuel@xxxxxxxx> wrote: >>> On 7/3/20 12:53 PM, ToddAndMargo via users wrote: >>>> >>>> Oh of interest, Xfce Pol kit has a YUGE security hole that I >>>> reported a while back that has yet to be addressed: >>>> >>>> xfce pol kit lets others sneak in >>>> https://github.com/ncopa/xfce-polkit/issues/5 >>> >>> That's not a huge security hole and it doesn't let others sneak in >>> unless they have access to your user for some reason. >> >> +1 >> >> There's a hard-coded 5-minute timeout in polkit. (sudoers has a >> "timestamp_timeout" option.) >> >>> That's also standard behaviour for sudo. >> >> By default, sudo uses one timestamp per tty and allows you to run >> sudo without authentication for 5 minutes on the same tty. You have >> to change "timestamp_type" in sudoers to be able to use sudo on >> multiple ttys with one authentication. > > That explains a lot. Thank you. > > In Linux, everything is configurable. > > How do I disable this behavior? You're welcome. For sudo: "Defaults timestamp_timeout=0" For polkit: not possible. _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
