[Secure-testing-team] Bug#786555: sudo: time stamp files no longer invalidated at boot
Marc Deslauriers
marc.deslauriers at ubuntu.com
Fri May 22 19:31:19 UTC 2015
Package: sudo
Version:
Severity: normal
Tags: security
Sudo 1.8.10 switched to a new time stamp file format that uses the monotonic
clock. Timestamp files moved from /var/lib/sudo to /var/lib/sudo/ts.

At boot, the contents of the /var/lib/sudo/ts directory need to be deleted,
as per the warning in the build log:

configure: Warning: the /var/lib/sudo/ts directory must be cleared at boot time.
configure: You may need to create a startup item to do this.

The sudo package ships with both an init script and a systemd unit file.
Unfortunately, the init script sets the date on the timestamp files to epoch,
which is no longer the proper way to invalidate them. The systemd unit file
doesn't seem to work at all.

Downstream bug report:
https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1458031
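
Added example, not part of the original report or of the sudo package: a shell check that lists files under the time stamp directory last modified before the current boot, meaning they were not deleted at boot as the configure warning requires. The function names, the use of /proc/uptime for the boot time and GNU stat are assumptions; only the /var/lib/sudo/ts path comes from the report.

```shell
#!/bin/sh
# Added example: find sudo time stamp files that survived a reboot.
# Assumptions: Linux (/proc/uptime), GNU stat, hypothetical function names.

# Print the boot time in seconds since the Unix epoch.
boot_epoch() {
    read -r up _ < /proc/uptime || return 1
    echo $(( $(date +%s) - ${up%.*} ))
}

# stale_ts_files DIR BOOT_EPOCH
# Print every regular file under DIR whose mtime is older than BOOT_EPOCH.
# Such a file was present before this boot and was not removed at startup.
# A file whose date was reset to epoch still exists, so it is listed too.
stale_ts_files() {
    dir=$1
    boot=$2
    # A missing or unreadable directory has nothing to report.
    [ -d "$dir" ] || return 0
    find "$dir" -type f | while IFS= read -r f; do
        mtime=$(stat -c %Y "$f") || continue
        if [ "$mtime" -lt "$boot" ]; then
            printf '%s\n' "$f"
        fi
    done
    return 0
}

# Run against the directory named in the report: sh check.sh --check (as root)
if [ "${1:-}" = "--check" ]; then
    stale_ts_files /var/lib/sudo/ts "$(boot_epoch)"
fi
```

Any output from the check means the boot-time cleanup did not run; an empty result right after boot is the expected state.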