Hi,

  Today I found something weird in sudo's behavior (at least I wasn't aware
of this). I logged in to my server using an ssh public key. Once I was in, I
executed 'sudo -i' to become root. My user has full sudo access using a
password. Everything normal so far. Then I needed to open a new terminal
(on my local computer) and opened a new ssh connection to the server again.
This second time, using a different tty, I executed 'sudo -i' again and the
server let me become root without asking for my password. Is this normal? I
can imagine a scenario where an attacker got the public and private key of
some user (but not the password) and just connects to the server and executes
sudo in a time frame close to the user's and gets root access. Should sudo
also check the tty of the user when it is asking for the password? I am
running OpenBSD 5.0 without any possibility to test that on 5.1 or current.
Could somebody test it? Is that the normal behavior of sudo?

   Thanks so much in advance and kind regards,

     Alvaro

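The behavior described above is sudo's credential cache (the "timestamp") being kept per user rather than per user and tty. The following sudoers fragment is an added example, not part of the original message or of OpenBSD's shipped configuration; the option names are real sudo Defaults, but the timeout value is an arbitrary choice.

```text
# Added example: sudoers Defaults that narrow the cached-credential window.
# Edit only with visudo so a syntax error cannot lock you out of sudo.

# Keep a separate timestamp for each user/tty pair. With this off, a
# password entered on one tty satisfies 'sudo' on any other tty of the
# same user until the timeout expires, which is what the message observes.
Defaults    tty_tickets

# Minutes a successful authentication is honored (value chosen for this
# example; the compiled-in default is longer). 0 disables caching entirely,
# so every 'sudo' invocation prompts for the password again.
Defaults    timestamp_timeout=5
```

To confirm the effective settings, run 'sudo -V' as root, which lists the active defaults; 'sudo -k' invalidates your own cached timestamp without logging out.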