Unmarking as a security vulnerability. An admin user should not have a
passwordless login. Also, this bug is not in sudo but in gnome-session
(which would be the one to run 'sudo -k'). Finally, since this bug is
nearly 5 years old, it seems clear it is not going to be fixed in
Ubuntu. Please feel
** Changed in: gnome-session (Ubuntu)
Status: New = Confirmed
** Changed in: gnome-session (Ubuntu)
Importance: Undecided = Wishlist
--
logging out of GNOME session should invalidate sudo tty tickets
https://bugs.launchpad.net/bugs/46890
You received this bug notification because you
I don't think it is a feature, but realy a bug.
--
logging out of GNOME session should invalidate sudo tty tickets
https://bugs.launchpad.net/bugs/46890
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gnome-session in ubuntu.
--
I'm not sure this really qualifies as a security bug, because you
explicitly allow some privilege escalation by setting a user as not
requiring a password to login. And for an admin that is aware of this
problem there are a couple of ways to keep the no password login but
have a safe sudo: