[sudo-users] Solution for timestamp matters.

slawek slawek at lach.art.pl
Sun Jan 10 06:54:41 EST 2010


I have an idea for making sudo safer.
The main problem is the timestamp. It is great, because I don't have to type
my password every time, but it is also insecure.

Main distributions provide an invention with a key tray icon. After clicking on
it, the timestamp is removed.

I think we must do more. The ideal solution is providing a central
database for the current session with something like logins/passwords, but
for programs. The database with passwords and logins for the session will
only be accessible to root.

When a program/user invokes:
sudo sessionopen identifier [password]

Sudo will ask the user to accept this identifier, select privileges and
sudo behaviour. After that, the user must type a password according to the sudo
settings (root password or current user password).

Possible settings are:
1. Invoking commands for an account
- Delaying each command, showing that command in the tray (most secure). The user
can prevent tools from doing anything and remove the account for the program
by clicking disallow.
- Normal behaviour - the command will be invoked normally
- Simulation (in future) - the command will not really be invoked, but
invoked only in a chroot sandbox with AUFS enabled.

2. Privilege level:
- User - the command will only invoke commands enabled for the current user;
user password needed
- Administrative - the user must input the administrator password; the command may
do anything
- Others

If a command is disallowed, the user may input the administrative password.

If some command (or user) invokes:
sudo sessionopen installing_firefox (without password)

We only ask for acceptance (with a password prompt) of the identifier and set
default options for this id (delaying each command).

The delay time should be 10 seconds.

Use cases:
I have read on some web pages about a way to install the newest version of
Firefox, so I type:
sudo sessionopen installing_firefox

Next, I input my (on Ubuntu) password. Each command like:
sudo --use-id=installing_firefox [command]

will be processed for some period of time, so I can correct misspellings
or drop privileges at any time.

It will be a very intuitive and secure way. Programs which don't know
about the identification and passwords for it will not use sudo at the
time when I am doing administrative tasks.
