On Mon, Jul 27, 2015 at 10:54:02AM +0300, Gregory Edigarov wrote:
> Hi,
> 
> sudo was having a nice feature of not overwhelming the user with password
> prompts (cookies :-) ).
> 
> This diff is adding this back to doas(1).
> 

Agreed, this is one of the sudo features I miss the most.

Unfortunately, your patch didn't apply at all and didn't follow the
usual style(9) guide.  Could you please send a unified diff (diff -upN)
next time?

I'm probably missing something, but from reading your implementation of
checktimeout() it seems that you can easily circumvent the password prompt
using something like this (assuming the timeout is enabled for the
user):

$ touch /tmp/doas.timestamp.$USER
$ doas ...

Maybe looking at how sudo implemented this would give some ideas of how
to implement this feature securely (for one thing the timestamp file was
stored in /var/run/sudo/ which was owned by root:wheel).
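
Added example, not part of the original message and not code from doas or sudo: a C sketch of the checks under which the touch trick above fails, because the timestamp is only trusted when both it and its directory belong to a fixed owner and cannot be written by anyone else. The function name, its parameters and the choice to pass the expected owner uid (0 in a setuid-root program) are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <time.h>
#include <unistd.h>

/*
 * Return 1 if dir/name is a trustworthy, unexpired timestamp, else 0.
 * "owner" is the uid that must own both the directory and the file
 * (0 in a setuid-root program; a parameter here so the check can be
 * exercised unprivileged). All names are hypothetical.
 */
int
timestamp_ok(const char *dir, const char *name, uid_t owner, time_t timeout)
{
	struct stat dsb, fsb;
	time_t now = time(NULL);
	int dfd, fd, ok = 0;

	/* The directory must be a real directory, not a symlink to one. */
	dfd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
	if (dfd == -1)
		return 0;
	/* Owned by "owner" and not writable by group or others (rejects /tmp). */
	if (fstat(dfd, &dsb) == -1 || dsb.st_uid != owner ||
	    (dsb.st_mode & (S_IWGRP | S_IWOTH)))
		goto out;
	/* Open relative to the checked directory; never follow symlinks. */
	fd = openat(dfd, name, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
	if (fd == -1)
		goto out;
	/*
	 * fstat() the descriptor, not the path, so the file that was checked
	 * is the file that was opened. It must be a regular file with the
	 * same owner, not writable by others, and its mtime must lie in
	 * [now - timeout, now]; a timestamp from the future is rejected.
	 */
	if (fstat(fd, &fsb) == 0 && S_ISREG(fsb.st_mode) &&
	    fsb.st_uid == owner && !(fsb.st_mode & (S_IWGRP | S_IWOTH)) &&
	    fsb.st_mtime <= now && now - fsb.st_mtime <= timeout)
		ok = 1;
	close(fd);
out:
	close(dfd);
	return ok;
}
```

A file created with touch in /tmp fails twice here: the directory is world-writable and the file is owned by the invoking user rather than by the expected owner.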
