[LUNI] ubuntu issues

[Joe Frost]

> I installed ubuntu 6.06.  I guess as advertised, from the
> userid created at install time I could sudo to root.  The
> first time I did a sudo -i it requested a password, but
> thereafter it did not.  How is this secure?  won't
> maleware writers learn that all they have to do is issue
> a "sudo" and they can do anything it could do if the
> person was logged on as root? 


It has a timeout. It defaults to 15 minutes unless changed in
the /etc/sudoers.  Use visudo and add something like

Defaults	timestamp_timeout=0

and you'll get prompted for a password everytime.

JOe