> > So with a classical add of one user (just adding > > > > superman ALL=(ALL) ALL > > > > as it is done in Ubuntu for instance), a simple script like > > [...] > > call one time by superman erase the file system as soon > > as a sudo call is done. This configuration is very used. > > Indeed, as soon as one managed to do the sudo call that would work, > though I fail to see why it would be a problem in sudo. It works as > expected. > > > The package must be or configured with tty_tickets in sudoers > > file , or compiled with the option --with-tty-tickets. This solves > > the problem. > > tty tickets don't solve anything, they just make the 15' happen per tty > instead of globally AFAICS. > tty-tickets solves this problem. If the script is called as many beginning users do by clecking on a joined file in mail for instance, or doing it in another xterm window, nothing happens with tty-tickets, but if there is not tty-tickets, sudo works without asking password. > The real problem you experience seems to be that you don't like the > default Ubuntu uses as sudo configuration, no? > You are right, but I think the problem is here. It's to you to decide if it's really a problem (as I really think) or not.
PS: > > Justification: root security hole > I think this is very much overinflated and I fail to see the security hole. If it's a problem, it's a security hole. The question is «Is it a real problem or not. I did not find a good category in the reportbug (whishlist perhaps but as I think it's really a security problem...) Regards and thanks for your answer, for your ability to read my english and sorry if you think I'm wrong François Boisson -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org