Consider this: You type $sudo apt-get upgrade and get a list of things that need upgrading with a "Y\n" confirmation. before you can read the list, and type "Y" or "n", the phone rings, or your boss comes in, or you do some thing else. You come back an hour later, and hit Y to install updates.
you are not prompted again for a password. presumably, any more sudo commands in the shell will execute, because the timer has been on hold waiting for the user input. Or a user can kill the update process and do something like sudo -i and simply stay in root indefinitely.
I am using ubuntu mate 14.04
is this a noteworthy security exception? Should I try to report it some place? If so, where?
You aren't prompted for a password because sudo has done it's job and started apt-get as root. While it's in the prompt, the apt-get process is still running, and so since it's still running as root, there's no need to enter your password again.
In other words, as long as a sudo'ed process is running, you won't be asked to enter your password again for that process; sudo doesn't interrupt the process every 15 minutes (the default timeout) and ask for your password.
Now, if you were to open another terminal and try to run another process under sudo, then you will be prompted for your password.
이 기사는 인터넷에서 수집됩니다. 재 인쇄 할 때 출처를 알려주십시오.
침해가 발생한 경우 연락 주시기 바랍니다[email protected] 삭제
몇 마디 만하겠습니다