On Sun, Jul 5, 2020 at 3:50 AM ToddAndMargo via users
<users(a)lists.fedoraproject.org> wrote:
On 2020-07-03 13:56, Tom H wrote:
> On Fri, Jul 3, 2020 at 10:09 PM Samuel Sieb <samuel(a)sieb.net> wrote:
>> On 7/3/20 12:53 PM, ToddAndMargo via users wrote:
>>>
>>> Oh of interest, Xfce Pol kit has a YUGE security hole that I
>>> reported a while back that has yet to be addressed:
>>>
>>> xfce pol kit lets others sneak in
>>>
https://github.com/ncopa/xfce-polkit/issues/5
>>
>> That's not a huge security hole and it doesn't let others sneak in
>> unless they have access to your user for some reason.
>
> +1
>
> There's a hard-coded 5-minute timeout in polkit. (sudoers has a
> "timestamp_timeout" option.)
>
>> That's also standard behaviour for sudo.
>
> By default, sudo uses one timestamp per tty and allows you to run
> sudo without authentication for 5 minutes on the same tty. You have
> to change "timestamp_type" in sudoers to be able to use sudo on
> multiple ttys with one authentication.
That explains a lot. Thank you.
In Linux, everything is configurable.
How do I disable this behavior?
You're welcome.
For sudo: "Defaults timestamp_timeout=0"
For polkit: not possible.