On 7 Aug 2010, at 14:27, Kassen wrote:
Though restrictions can be implemented, that is not so in Mac OS X. In addition, when one does a 'sudo', it is valid for a few minutes, which can be exploited by malware, by trying every minute if the user has enabled root permissions.
It might be preferable to restrict root access to a single bash session, or perhaps to require it for every command. System-wide root access sounds a bit excessive to me, but I don't know what considerations went into that choice.
I checked how it can be turned off, would there be a concern. (On mac OS X, the default time is 5 minutes.) Also see 'man sudoers'. First choose your favorite editor, say by export EDITOR=emacs Then sudo visudo and add a line Defaults timestamp_timeout = 0 This loophole is probably considered rather theoretical: you would somehow need to get a malware program and run it. One can cut off the time using 'sudo -k'.