[Bug 225265] Lack of monotonic clock prolongs the default sudo 5 minutes password caching as long as suspend lasts
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Wed Jan 17 16:32:53 UTC 2018
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=225265
Bug ID: 225265
Summary: Lack of monotonic clock prolongs the default sudo 5
minutes password caching as long as suspend lasts
Product: Base System
Version: 11.1-RELEASE
Hardware: amd64
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: misc
Assignee: freebsd-bugs at FreeBSD.org
Reporter: postutdelning at gmail.com
The five minute caching period of the password in sudo is prolonged when the
laptop is suspended. For example: In the terminal I issue a command with sudo,
I enter my password, one minute later I suspend the laptop, after one hour I
resume and still can issue sudo cammands without being asked for my password
for the rest of the five minutes that remained from before suspending.
Freebsd 11.1-RELEASE 64bit
Laptop: Thinkpad x220
Sudo is used with defaults, except group wheel can issue any command.
Expected bahaviour: The suspend-time should count for the caching period or
maybe even stop the caching of the password immediately.
Originally I have reported a bug directly to the sudo bugzilla:
https://bugzilla.sudo.ws/show_bug.cgi?id=779
But as can be seen in the comments Todd C. Miller answered:
"FreeBSD doesn't appear to have a monotonic clock that runs while the machine
is suspended. The choice is between using a clock that can run backward,
potentially defeating the point of the timestamp file, or one that cannot run
backward but that is not incremented while suspended.
Currently, sudo uses the second option. On most other systems, the monotonic
clock either runs while suspended or an alternate clock is available which
does. I consider this a FreeBSD failing, rather than a sudo one."
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list