https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=225265
Bug ID: 225265
Summary: Lack of monotonic clock prolongs the default sudo 5
minutes password caching as long as suspend lasts
Product: Base System
Version: 11.1-RELEASE
Hardware: amd64
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: misc
Assignee: [email protected]
Reporter: [email protected]
The five minute caching period of the password in sudo is prolonged when the
laptop is suspended. For example: In the terminal I issue a command with sudo,
I enter my password, one minute later I suspend the laptop, after one hour I
resume and still can issue sudo cammands without being asked for my password
for the rest of the five minutes that remained from before suspending.
Freebsd 11.1-RELEASE 64bit
Laptop: Thinkpad x220
Sudo is used with defaults, except group wheel can issue any command.
Expected bahaviour: The suspend-time should count for the caching period or
maybe even stop the caching of the password immediately.
Originally I have reported a bug directly to the sudo bugzilla:
https://bugzilla.sudo.ws/show_bug.cgi?id=779
But as can be seen in the comments Todd C. Miller answered:
"FreeBSD doesn't appear to have a monotonic clock that runs while the machine
is suspended. The choice is between using a clock that can run backward,
potentially defeating the point of the timestamp file, or one that cannot run
backward but that is not incremented while suspended.
Currently, sudo uses the second option. On most other systems, the monotonic
clock either runs while suspended or an alternate clock is available which
does. I consider this a FreeBSD failing, rather than a sudo one."
--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "[email protected]"
