105641 – sudo function altered to insecure mode

Bug 105641 - sudo function altered to insecure mode

Summary: sudo function altered to insecure mode

Status:	RESOLVED WONTFIX

Alias:	None

Product:	SUSE LINUX 10.0
Classification:	openSUSE
Component:	Security (show other bugs)
Version:	Beta 2
Hardware:	i586 All

Priority:	P5 - None Severity: Major
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	E-mail List

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2005-08-18 17:47 UTC by Jonathon Robison
Modified:	2005-08-19 07:27 UTC (History)
CC List:	0 users

See Also:
Found By:	Other
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jonathon Robison 2005-08-18 17:47:32 UTC

In Beta 2 (not sure about 1), when you use sudo, it is asking for ROOT's
password, not the users.  My user is in /etc/sudoers as jrobiso2 ALL=(ALL) ALL.
Normally, the user is asked to input his password to make sure he is who he says
he is. Now, it wants ROOT password!  This would require giving out root
password, which is the opposite purpose of what sudo controls exist for!

Comment 1 Ludwig Nussel 2005-08-19 07:27:40 UTC

Well, you are free to configure it to behave this way on your system. See 
comments at "Defaults targetpw".