Package: sudo Version: 1.8.5p2-1+nmu2 Severity: normal Dear Maintainer,
I've noticed that sudo -l ususally seems to ask for a password. If a user though gets a single line configured with NOPASSWD, sudo -l doesn't ask for any password and spits out all commands the user is able to run. This could be seen as information exposure. Either the commands the user can run shouldn't be password protected at all, regardless of whether the user has a NOPASSWD line available, or the user should only receive the NOPASSWD lines as output if they don't provide a password. I don't think it's a big deal in general, but it's a strange handling of it and puzzled me because I considered the password question for sudo -l to be somewhat of a security precaution of no information exposure somehow. Thanks! Rhonda -- Fühlst du dich mutlos, fass endlich Mut, los | Fühlst du dich hilflos, geh raus und hilf, los | Wir sind Helden Fühlst du dich machtlos, geh raus und mach, los | 23.55: Alles auf Anfang Fühlst du dich haltlos, such Halt und lass los | -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]

