Hacker News new | past | comments | ask | show | jobs | submit login

Interesting! Does sudo somehow get confused about checking for a password at all when the current date is the UNIX epoch?

I wonder, does this require the user to be listed in sudoers with any privileges or is it just straight to root?




This gives you only the privileges that a successful "sudo" would give you, and requires a previous successful "sudo". It's a nice hack, but hardly the end of the world.


It is, however, the beginning of the UNIX world


the user does have to be listed in sudoers.

there's no confusion with sudo, it's running as designed. It compares the current timestamp to the user timestamp to determine whether to ask for a password or not. The first flaw is in the date command allowing unprivileged users to set the time. The second is that the -K flag to sudo makes the -k flag obsolete, so the latter should be dropped.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: