On Fri, 05 Dec 2003 12:43:00 -0500, Elton Woo wrote:

> On Fri, 2003-12-05 at 12:13, Christoph Wickert wrote:
> > Hi there!
> >
> > Restoring sessions is a cool feature I think: In KDE, you can logout and
> > leave a konqueror window open, when you log in again, it will even try
> > to restore the last webpage you have viewed.
> >
> > But what do you think about this: As normal user I started
> > redhat-config-network and logged out a little later without exiting it.
> > Directly logged in (I needed to restart the X server) again and
> > redhat-config-network was restored WITHOUT ASKING FOR A PASSWORD!!!
> >
> > This is a massive security problem I think!
> I would STRONGLY recommend posting a bug report. This should not
> happen. Logging out should "flush" the root permissions, IMVHO.

It's the pam_timestamp module and is intended behaviour. It sets a cookie
for a limited time, so you don't need to repeat entering the root password
for subsequent sysconfig tools.

--
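The timestamp behaviour described in the reply above can be audited per service. The following is an added example, not part of the original thread: it parses a PAM service file and reports each pam_timestamp rule with its effective timeout. The sample file contents are constructed, and the `timestamp_timeout` option and its 300-second default are taken from pam_timestamp(8).

```python
import re

DEFAULT_TIMEOUT = 300  # seconds; default documented in pam_timestamp(8)

# Constructed sample service file (not copied from any real system).
SAMPLE_SERVICE = """\
#%PAM-1.0
auth       sufficient   pam_rootok.so
auth       sufficient   pam_timestamp.so
auth       required     pam_stack.so service=system-auth
session    required     pam_permit.so
session    optional     pam_timestamp.so timestamp_timeout=60
account    required     pam_permit.so
"""

# /etc/pam.d line layout: type  control  module-path  [module-arguments]
LINE_RE = re.compile(
    r"^-?(?P<type>auth|account|password|session)\s+"
    r"(?P<control>\[[^\]]*\]|\S+)\s+"
    r"(?P<module>\S+)\s*(?P<args>.*)$"
)

def find_timestamp_rules(text):
    """Return (type, control, timeout_seconds) for every pam_timestamp line."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m or not m.group("module").endswith("pam_timestamp.so"):
            continue
        timeout = DEFAULT_TIMEOUT
        for arg in m.group("args").split():
            if arg.startswith("timestamp_timeout="):
                timeout = int(arg.split("=", 1)[1])
        rules.append((m.group("type"), m.group("control"), timeout))
    return rules

def skips_password(rules):
    """auth rules where a still-valid timestamp alone satisfies authentication."""
    return [r for r in rules if r[0] == "auth" and r[1] == "sufficient"]

if __name__ == "__main__":
    for rule in find_timestamp_rules(SAMPLE_SERVICE):
        print(rule)
```

To run it against a real service file, pass the contents of the file under `/etc/pam.d/` to `find_timestamp_rules`. pam_timestamp(8) also documents `pam_timestamp_check -k` for removing an existing timestamp.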