This is by DESIGN? Your design is that any user can change the time, and therefore bypass the security of sudo? What's the justification for not having the user enter a password to change the time? Convenience?
Marc, with all due respect, did you even read the bug? "If you disable the sudo password for your account, you will seriously compromise the security of your computer. Anyone sitting at your unattended, logged in account will have complete Root access, and remote exploits become much easier for malicious crackers." This policy kit change adds a single condition: That the user has used sudo to escalate at some point, and it creates /exactly/ the same conditions. I'm going to re-open this just to be sure. It seems incredible that Ubuntu would intentionally let people bypass security like that. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-control-center in Ubuntu. https://bugs.launchpad.net/bugs/1219337 Title: Users can change the clock without authenticating, allowing them to locally exploit sudo. Status in Cinnamon: New Status in Unity: Invalid Status in “gnome-control-center” package in Ubuntu: New Bug description: Under unity and cinnamon, it is possible for a user to turn off network-syncronized time and then change the time on the system. It is also possible to "cat /var/log/auth.log" and find the last time a user authenticated with sudo, along with which pty they used. If a user had used a terminal and successfully authenticated with sudo anytime in the past, and left the sudo file in "/var/lib/sudo/<username>/", a malicious user could walk up to an unlocked, logged in machine and gain sudo without knowing the password for the computer. To do this, a user would only need to launch a few terminals, figure out which pty they were on via "tty", find the an instance in /var/log/auth.log where sudo was used on that PTY, and set the clock to that time. Once this is done, they can run (for example) "sudo -s" and have a full access terminal. 1) This has been observed on Ubuntu 13.04, and may work on other versions. 2) This may have an effect on various window managers, but I confirmed it on Unity and Cinnamon 3) I expected to have to authenticate when I changed the time and date, as I do on Gnome and KDE. I also expected to be denied permission to auth.log 4) I was able to change the system time to whatever I wanted, and view auth.log. This was sufficient to access sudo without having to type my password. Note: This bug also affects any version of OS X, though the mechanism is different. Some versions don't require you to authenticate to change the time through the GUI, but some do. No version I've seen requires authentication to use the "systemsetup" command, which can alter the time from the command line. This may be an overall bug in sudo. Why can I bypass security by changing the time?! To manage notifications about this bug go to: https://bugs.launchpad.net/cinnamon-desktop/+bug/1219337/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
