> On 17 Jul 2015, at 16:18, Bob Beck <b...@openbsd.org> wrote: > > I concur. Vadim I like the basic idea, but I do not like that in the > bogus case we still run all the priviledged user auth code.
sudo also has the -l flag, which lists what commands you're allowed to run. however, it looks like if you arent allowed to run anything on the local machine sudo -l will make it look like you're entering your password incorrectly rather than report that you cant run anything. so a similar problem but different. or i cant type my password good today. dlg > > > On Thu, Jul 16, 2015 at 4:30 PM, Ted Unangst <t...@tedunangst.com> wrote: >> Vadim Zhukov wrote: >>> Ask for a password when we're going to fail() anyway, to avoid >>> leaking information about available commands. The sudo(8) behaves >>> the same way, FWIW. >> >> Let's say no for now. I'm not too concerned about this leak. I'm not sure >> what >> a user would hope to discover. Hasn't the sysadmin told them what commands >> they can run? >> >> On the other hand, running more auth code seems riskier. >> >