Comment 0 for bug 857502

When deleting a user, its sudo time stamp file if any is not invalidated. This means that if the same use is recreated right after the deletion (and joined to the sudo group), the new user can do "sudo -i" without receiving a password prompt.

This could be solved by removing the files under /var/lib/sudo/<user>/ or /var/run/sudo/<user>/ (on older Ubuntu versions).

$ lsb_release -rd
Description: Ubuntu 11.04
Release: 11.04

$ apt-cache policy adduser
adduser:
  Installed: 3.112+nmu1ubuntu5
  Candidate: 3.112+nmu1ubuntu5
  Version table:
 *** 3.112+nmu1ubuntu5 0
        500 http://ca.archive.ubuntu.com/ubuntu/ natty/main amd64 Packages
        100 /var/lib/dpkg/status

ProblemType: Bug
DistroRelease: Ubuntu 11.04
Package: adduser 3.112+nmu1ubuntu5
ProcVersionSignature: Ubuntu 2.6.38-11.50-generic 2.6.38.8
Uname: Linux 2.6.38-11-generic x86_64
Architecture: amd64
Date: Fri Sep 23 11:03:57 2011
PackageArchitecture: all
ProcEnviron:
 LANGUAGE=en_US:en
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: adduser
UpgradeStatus: No upgrade log present (probably fresh install)