On 7/15/22 11:18 AM, Saku Ytti wrote:
May I request information substantiating the risk.
Have you ever walked away from your terminal without locking it? Or seen anyone else do it?
Unless you are within Sudo's grace period (defaults to five minutes) the person at your keyboard won't be able to authenticate to sudo as you if they have to enter your password.
There are also concerns of changing effective users on systems to one that has the NOPASSWD: option, thereby enabling the original user to do what the new user could do without authenticating as the new user.
As far as I see, infosec is largely horoscopes for IT people.
I don't believe avoiding NOPASSWD: is just a horoscope. -- Grant. . . . unix || die
smime.p7s
Description: S/MIME Cryptographic Signature
