On Wed, 11 Sep 2013 20:59:08 -0400, "Michael W. Lucas" wrote:
> I've noticed that the sudo on OpenBSD seems to have !ttytickets set by
> default. In other words, I authenticate sudo once on, say, ttyp4, and
> all of my login sessions on all my other ttyp* have authenticated to
> sudo.
>
> This, well, kind of surprised me. I'm sure you folks have thought this
> through in much more detail than I have, but I can't find anything on
> the rationale behind it.

It's quite simple really, the version of sudo in OpenBSD (a patched version of 1.7.2p8) predates the change to use tty_tickets by default. I've always felt that tty_tickets gives a false sense of security, though it is somewhat improved in more recent sudo versions where the tty is determined via sysctl() rather than by ttyname().

 - todd