
1. Because that doesn't fix the vulnerability, only narrows the window in which the exploit works.

2. Because it breaks the "ttl" feature of sudo for people who log in and out frequently (e.g., create and destroy terminal windows).

3. Because .bash_logout is only executed when a login shell exits.

Perhaps a similar but more elaborate solution could work to better mitigate this, though.




This is probably good enough for most purposes if the user is somewhat informed.

Always use a new shell for sudo. Always exit that shell when done.



