nosp wrote:
> On Fri, 2003-12-05 at 18:19, Jess Anderson wrote:
>> nosp <nosp@xxxxxxxxx>:
>>> The PAM authentication that allowed you access the first time
>>> is cached for a period of time.
>> I didn't know that and to me it too seems a misfeature, trading
>> a lot of security ...
>>> If you start a second r-c-n job within that time period you
>>> won't get prompted for a password again.
>> ... for a small amount of convenience.
> I'm sure that the tradeoff of security for convenience is not to be done
> lightly. Before I start speculating, does anyone know the real
> motivation for this decision? I'd like to understand that before making
> up my mind (those who ignore history...).
I think it was something called "laziness".
For my money, it should be a configurable thing:
1) Only grant root privileges for _this_ job
2) Only grant root privileges for "n" minutes on THIS virtual
terminal
3) Only grant root privileges for "n" minutes for this parent
process (e.g. shell session)
with the default being 1, above. In all cases, however, once the
controlling session is dead (logout, whatever), revoke root privileges.
This also needs to be stuffed into the signal handler for any signal
that can terminate a process (SIGSEGV, etc.).
That's my opinion and I'm sticking with it! ;-)
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer rstevens@xxxxxxxxxxxxxxx -
- VitalStream, Inc. http://www.vitalstream.com -
- -
- You know the old saying--any technology sufficiently advanced is -
- indistinguishable from a Perl script -
- --Programming Perl, 2nd Edition -
----------------------------------------------------------------------
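
The three scopes proposed in the message above, sketched as an added example that is not part of the original thread and is not PAM's own code. The class, method and parameter names are hypothetical; the model only shows how the cache key and the revocation rule differ between the options.

```python
import time
from enum import Enum

class Scope(Enum):
    JOB = 1      # option 1: cache nothing, prompt for every job
    TTY = 2      # option 2: cache for n minutes on this virtual terminal
    PARENT = 3   # option 3: cache for n minutes for this parent process

class AuthCache:
    """Hypothetical model of a scoped authentication cache."""

    def __init__(self, scope=Scope.JOB, minutes=5, clock=time.monotonic):
        self.scope, self.ttl, self.clock = scope, minutes * 60, clock
        self._grants = {}  # key -> (session id, expiry time)

    def _key(self, user, tty, ppid):
        # The scope decides what a cached grant is bound to.
        if self.scope is Scope.TTY:
            return (user, "tty", tty)
        return (user, "ppid", ppid)

    def record(self, user, session, tty, ppid):
        """Call after a successful password prompt."""
        if self.scope is not Scope.JOB:  # option 1 stores nothing
            key = self._key(user, tty, ppid)
            self._grants[key] = (session, self.clock() + self.ttl)

    def needs_password(self, user, session, tty, ppid):
        key = self._key(user, tty, ppid)
        grant = self._grants.get(key)
        if grant is None:
            return True
        owner, expiry = grant
        if owner != session or self.clock() >= expiry:
            # Expired, or the tty/pid was reused by a different session.
            del self._grants[key]
            return True
        return False

    def end_session(self, session):
        """Logout or death of the controlling session revokes its grants."""
        self._grants = {k: g for k, g in self._grants.items()
                        if g[0] != session}
```
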