I concur. Vadim I like the basic idea, but I do not like that in the bogus case we still run all the priviledged user auth code.
On Thu, Jul 16, 2015 at 4:30 PM, Ted Unangst <t...@tedunangst.com> wrote: > Vadim Zhukov wrote: >> Ask for a password when we're going to fail() anyway, to avoid >> leaking information about available commands. The sudo(8) behaves >> the same way, FWIW. > > Let's say no for now. I'm not too concerned about this leak. I'm not sure what > a user would hope to discover. Hasn't the sysadmin told them what commands > they can run? > > On the other hand, running more auth code seems riskier. >