On 2020-07-05 09:33, Tom H wrote:
On Sun, Jul 5, 2020 at 3:50 AM ToddAndMargo via users
<users@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
On 2020-07-03 13:56, Tom H wrote:
On Fri, Jul 3, 2020 at 10:09 PM Samuel Sieb <samuel@xxxxxxxx> wrote:
On 7/3/20 12:53 PM, ToddAndMargo via users wrote:
Oh of interest, Xfce Pol kit has a YUGE security hole that I
reported a while back that has yet to be addressed:
xfce pol kit lets others sneak in
https://github.com/ncopa/xfce-polkit/issues/5
That's not a huge security hole and it doesn't let others sneak in
unless they have access to your user for some reason.
+1
There's a hard-coded 5-minute timeout in polkit. (sudoers has a
"timestamp_timeout" option.)
That's also standard behaviour for sudo.
By default, sudo uses one timestamp per tty and allows you to run
sudo without authentication for 5 minutes on the same tty. You have
to change "timestamp_type" in sudoers to be able to use sudo on
multiple ttys with one authentication.
That explains a lot. Thank you.
In Linux, everything is configurable.
How do I disable this behavior?
You're welcome.
For sudo: "Defaults timestamp_timeout=0"
For polkit: not possible.
Thank you!
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
