Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 17 Jan 2018 16:32:52 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-bugs@FreeBSD.org
Subject:   [Bug 225265] Lack of monotonic clock prolongs the default sudo 5 minutes password caching as long as suspend lasts
Message-ID:  <bug-225265-8@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D225265

            Bug ID: 225265
           Summary: Lack of monotonic clock prolongs the default sudo 5
                    minutes password caching as long as suspend lasts
           Product: Base System
           Version: 11.1-RELEASE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: misc
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: postutdelning@gmail.com

The five minute caching period of the password in sudo is prolonged when the
laptop is suspended. For example: In the terminal I issue a command with su=
do,
I enter my password, one minute later I suspend the laptop, after one hour I
resume and still can issue sudo cammands without being asked for my password
for the rest of the five minutes that remained from before suspending.

Freebsd 11.1-RELEASE  64bit
Laptop: Thinkpad x220

Sudo is used with defaults, except group wheel can issue any command.

Expected bahaviour: The suspend-time should count for the caching period or
maybe even stop the caching of the password immediately.

Originally I have reported a bug directly to the sudo bugzilla:
https://bugzilla.sudo.ws/show_bug.cgi?id=3D779

But as can be seen in the comments Todd C. Miller answered:

"FreeBSD doesn't appear to have a monotonic clock that runs while the machi=
ne
is suspended.  The choice is between using a clock that can run backward,
potentially defeating the point of the timestamp file, or one that cannot r=
un
backward but that is not incremented while suspended.

Currently, sudo uses the second option.  On most other systems, the monoton=
ic
clock either runs while suspended or an alternate clock is available which
does.  I consider this a FreeBSD failing, rather than a sudo one."

--=20
You are receiving this mail because:
You are the assignee for the bug.=

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-225265-8>