It's a bit more complicated than that, but not much: Sudo stores the SID
in the authentication file. However, setsid is installed by default, so
you can just launch processes with new SIDs until you get a match. You
can either run setsid and sudo a bunch and hope that you match up, or
you can look up the SID (also found in auth.log) and match that without
running sudo. It's not trivial, but it's certainly doable.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1219337

Title:
  Users can change the clock without authenticating, allowing them to
  locally exploit sudo.
