Bug 450013: (CVE-2010-2757) [SECURITY] Can sudo a user without sending email

r=glob a=LpSolit
author: Frédéric Buclin <LpSolit@gmail.com> 2010-08-04 23:41:02 +0200
committer: Frédéric Buclin <LpSolit@gmail.com> 2010-08-04 23:41:02 +0200
commit: 2ea4b3d38e8a012f61d20e6831daaf06493c3d95 (patch)
tree: 417fb44234468b46c3cbbf8659173e68161d9680 /Bugzilla
parent: 1741f7c98b480f25fa707011e00765353499dd8f (diff)
download: bugzilla-2ea4b3d38e8a012f61d20e6831daaf06493c3d95.tar.gz
bugzilla-2ea4b3d38e8a012f61d20e6831daaf06493c3d95.tar.xz
1 files changed, 3 insertions, 0 deletions
diff --git a/Bugzilla/Constants.pm b/Bugzilla/Constants.pm
index bfb8d190d..2477d546f 100644
--- a/Bugzilla/Constants.pm
+++ b/Bugzilla/Constants.pm
@@ -160,6 +160,7 @@ use Memoize;
 
     MAX_TOKEN_AGE
     MAX_LOGINCOOKIE_AGE
+    MAX_SUDO_TOKEN_AGE
     MAX_LOGIN_ATTEMPTS
     LOGIN_LOCKOUT_INTERVAL
     MAX_STS_AGE
@@ -415,6 +416,8 @@ use constant TIMETRACKING_FIELDS =>
 use constant MAX_TOKEN_AGE => 3;
 # How many days a logincookie will remain valid if not used.
 use constant MAX_LOGINCOOKIE_AGE => 30;
+# How many seconds (default is 6 hours) a sudo cookie remains valid.
+use constant MAX_SUDO_TOKEN_AGE => 21600;
 
 # Maximum failed logins to lock account for this IP
 use constant MAX_LOGIN_ATTEMPTS => 5;
author	Frédéric Buclin <LpSolit@gmail.com>	2010-08-04 23:41:02 +0200
committer	Frédéric Buclin <LpSolit@gmail.com>	2010-08-04 23:41:02 +0200
commit	2ea4b3d38e8a012f61d20e6831daaf06493c3d95 (patch)
tree	417fb44234468b46c3cbbf8659173e68161d9680 /Bugzilla
parent	1741f7c98b480f25fa707011e00765353499dd8f (diff)
download	bugzilla-2ea4b3d38e8a012f61d20e6831daaf06493c3d95.tar.gz bugzilla-2ea4b3d38e8a012f61d20e6831daaf06493c3d95.tar.xz