On 2010-06-02, Bob Proulx <[email protected]> wrote:
> Daniel Trebbien wrote:
>> `sudo` with the `-S` option causes it to write the password prompt (if
>> it requires a password at that time) to standard error and read the
>> password from standard in. The problem is: how do I know if `sudo`
>> requires a password? I need to try to read the password prompt from
>> standard error, but if the password is not required, then the parent
>> process will wait for data on standard error while the child process
>> (`wronly` by this time) waits for data on standard in.
>
> There is always the sudo -k option. If the user isn't configured with
> NOPASSWD then sudo -k ignores the timestamp file and will always ask
> for a password. That would make it more consistent.
>
> Newish sudo commands include a -A option along with a SUDO_ASKPASS
> variable. It will invoke a helper program to read the password. I
> would probably go that route myself.
>
> Bob
>
I had considered these options, but I cannot assume that sudo is *not* configured with NOPASSWD, and I can't use an external program to get the password. Also, I didn't want to store the user's password in the program's memory (outside of the stack and OS buffers), and the timeout might expire in between "refreshing" (`sudo -v`) and running the write command with `sudo`. I am working on enhancement 26000 to `nano` that would allow it to write through as root (http://savannah.gnu.org/bugs/?26000).
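
An added example, not part of the original message and not nano's code: one way to avoid the stderr/stdin deadlock described in the thread is to poll the child's standard error with a timeout instead of blocking on it. It assumes the parent starts `sudo -S` with a recognizable prompt via `-p` (the marker string and function name are hypothetical), and it treats silence within the timeout as "no password requested", which is a heuristic.

```c
#include <errno.h>
#include <poll.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical marker: the parent would run `sudo -S -p "NANO_SUDO_PROMPT:" ...`
 * so the prompt on the child's stderr is unambiguous (not a value from the thread). */
#define PROMPT_MARKER "NANO_SUDO_PROMPT:"

/* Watch fd (read end of the child's stderr pipe) for marker.
 * Returns 1 if the marker arrived, 0 if EOF or timeout_ms of silence came first
 * (treated as "no password requested"), -1 on error. Never blocks indefinitely. */
int wait_for_prompt(int fd, const char *marker, int timeout_ms)
{
    char buf[256];
    size_t used = 0, mlen = strlen(marker), keep;
    struct pollfd pfd = { .fd = fd, .events = POLLIN };

    if (mlen == 0 || mlen >= sizeof buf) return -1;  /* marker must fit in buf */
    keep = mlen - 1;
    for (;;) {
        int rc = poll(&pfd, 1, timeout_ms);
        if (rc < 0 && errno == EINTR) continue;      /* interrupted: retry */
        if (rc < 0) return -1;
        if (rc == 0) return 0;                       /* silence: no prompt seen */
        ssize_t n = read(fd, buf + used, sizeof buf - 1 - used);
        if (n < 0) return -1;
        if (n == 0) return 0;                        /* child closed stderr */
        used += (size_t)n;
        buf[used] = '\0';
        if (strstr(buf, marker)) return 1;
        if (used > keep) {                           /* keep a possible partial marker */
            memmove(buf, buf + used - keep, keep);
            used = keep;
        }
    }
}

int main(void)
{
    int p[2];                                        /* constructed stand-in for sudo's stderr */
    if (pipe(p) != 0) return 1;
    if (write(p[1], PROMPT_MARKER, strlen(PROMPT_MARKER)) < 0) return 1;
    printf("prompt seen: %d\n", wait_for_prompt(p[0], PROMPT_MARKER, 200));
    printf("silent pipe: %d\n", wait_for_prompt(p[0], PROMPT_MARKER, 200));
    return 0;
}
```

Because the check happens on the same `sudo` invocation that performs the write, there is no window between a separate `sudo -v` and the write in which the timestamp could expire.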
