[sudo-users] retrieving the remain time of a cached credential

Todd C. Miller Todd.Miller at sudo.ws
Thu Sep 26 09:56:00 MDT 2019


On Thu, 26 Sep 2019 15:41:04 -0000, Dennis Schwartz via sudo-users wrote:

> This, that `sudo` can be quite easily prevented from sending security email
> is the only thing that still bothers me a bit.
> For example, one could define the function
>
>     sudo-no-email () {
>         (
>             trap "" XFSZ
>             limit filesize 0
>             sudo $@
>         )
>     }
>
> and run `sudo-no-email touch /root/some-file` and no security email would
> ever be sent if the sudo command fails.

This doesn't work in my experience.  If you set the filesize to
zero sudo won't be able to function, at least with the current
version of sudo.  It might have worked on older versions of sudo
where the time stamp record was a zero-length file.

Here's what I see on Ubuntu 18.04.3 with filesize set to 0:

$ sudo id
Filesize limit exceeded (core dumped)

It probably makes sense for sudo to enforce minimum resource limits
but it's not clear exactly what those minimum values should be.

 - todd
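
Added example, not part of the original message and not sudo's own code: one way a privileged program could enforce a minimum file size limit at startup, as the reply suggests. The function name `ensure_min_fsize` and the 1 MiB floor are assumptions made for illustration.

```c
#include <signal.h>
#include <stdio.h>
#include <sys/resource.h>

/* Assumed floor for illustration; the thread leaves the right value open. */
#define MIN_FSIZE ((rlim_t)1 << 20)

/*
 * Hypothetical startup check: make sure the inherited RLIMIT_FSIZE allows
 * files of at least `min` bytes. Returns 0 if the limit is (now)
 * sufficient, -1 if it could not be read or raised.
 */
int ensure_min_fsize(rlim_t min)
{
    struct rlimit rl;

    if (getrlimit(RLIMIT_FSIZE, &rl) == -1)
        return -1;
    if (rl.rlim_cur == RLIM_INFINITY || rl.rlim_cur >= min)
        return 0;                       /* caller's limit is already fine */

    /* Raising the hard limit needs privilege; the soft limit alone does not. */
    if (rl.rlim_max != RLIM_INFINITY && rl.rlim_max < min)
        rl.rlim_max = min;
    rl.rlim_cur = min;
    return setrlimit(RLIMIT_FSIZE, &rl);
}

int main(void)
{
    /* With SIGXFSZ ignored, an oversized write fails with EFBIG
     * instead of terminating the process. */
    if (signal(SIGXFSZ, SIG_IGN) == SIG_ERR)
        perror("signal");
    if (ensure_min_fsize(MIN_FSIZE) == -1) {
        perror("RLIMIT_FSIZE");
        return 1;
    }
    puts("file size limit is sufficient");
    return 0;
}
```
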
