Vadim Zhukov wrote: > Ask for a password when we're going to fail() anyway, to avoid > leaking information about available commands. The sudo(8) behaves > the same way, FWIW. > > okay?
i need to think about this for a bit. there's a strange interaction where if the nopasswd option is used, you've now created the opposite problem. maybe. also, we may want to create a fake password prompt without running through all the user auth machinery, but it gets harder then because you have to run bcrypt the right number of times, etc., etc. so maybe ok, but not right away?