|Summary:||Lack of monotonic clock prolongs the default sudo 5 minutes password caching as long as suspend lasts|
|Product:||Base System||Reporter:||Schultz <postutdelning>|
|Component:||misc||Assignee:||freebsd-bugs (Nobody) <bugs>|
|Severity:||Affects Only Me||CC:||emaste|
Description Schultz 2018-01-17 16:32:52 UTC
The five minute caching period of the password in sudo is prolonged when the laptop is suspended. For example: In the terminal I issue a command with sudo, I enter my password, one minute later I suspend the laptop, after one hour I resume and still can issue sudo cammands without being asked for my password for the rest of the five minutes that remained from before suspending. Freebsd 11.1-RELEASE 64bit Laptop: Thinkpad x220 Sudo is used with defaults, except group wheel can issue any command. Expected bahaviour: The suspend-time should count for the caching period or maybe even stop the caching of the password immediately. Originally I have reported a bug directly to the sudo bugzilla: https://bugzilla.sudo.ws/show_bug.cgi?id=779 But as can be seen in the comments Todd C. Miller answered: "FreeBSD doesn't appear to have a monotonic clock that runs while the machine is suspended. The choice is between using a clock that can run backward, potentially defeating the point of the timestamp file, or one that cannot run backward but that is not incremented while suspended. Currently, sudo uses the second option. On most other systems, the monotonic clock either runs while suspended or an alternate clock is available which does. I consider this a FreeBSD failing, rather than a sudo one."