Vadim Zhukov wrote: > Ask for a password when we're going to fail() anyway, to avoid > leaking information about available commands. The sudo(8) behaves > the same way, FWIW.
Let's say no for now. I'm not too concerned about this leak. I'm not sure what a user would hope to discover. Hasn't the sysadmin told them what commands they can run? On the other hand, running more auth code seems riskier.