[sudo-users] retrieving the remain time of a cached credential

Dennis Schwartz dennis.schwartz at protonmail.com
Fri Sep 27 07:24:57 MDT 2019


On Thursday, September 26, 2019 6:20 PM, Dennis Schwartz via sudo-users <sudo-users at sudo.ws> wrote:

> On Thursday, September 26, 2019 5:56 PM, Todd C. Miller Todd.Miller at sudo.ws wrote:
>
> > On Thu, 26 Sep 2019 15:41:04 -0000, Dennis Schwartz via sudo-users wrote:
> >
> > > This, that `sudo` can be quite easily prevented from sending security email
> > > is the only thing that still bothers me a bit.
> > > For example, one could define the function
> > >
> > >     sudo-no-email () {
> > >         (
> > >             trap "" XFSZ
> > >             limit filesize 0
> > >             sudo $@
> > >         )
> > >     }
> > >
> > >
> > > and run `sudo-no-email touch /root/some-file` and no security email would
> > > ever be sent if the sudo command fails.
> >
> > This doesn't work in my experience. If you set the filesize to
> > zero sudo won't be able to function, at least with the current
> > version of sudo. It might have worked on older versions of sudo
> > where the time stamp record was a zero-length file.
> > Here's what I see on Ubuntu 18.04.3 with filesize set to 0:
> >
> >     $ sudo id
> >     Filesize limit exceeded (core dumped)
> >
> > It probably makes sense for sudo to enforce minimum resource limits
> > but it's not clear exactly what those minimum values should be.
>
> Hmm, strange. I don't run Ubuntu, but under Arch Linux and Debian (buster)
> I get
>
>     $ sudo-no-mail ls
>     sudo: unable to write to /run/sudo/ts/[username]: File too large
>     [sudo] password for [username]:
>     test
>     $ sudo-no-mail ls
>     sudo: unable to write to /run/sudo/ts/[username]: File too large
>     [sudo] password for [username]:
>     Sorry, try again.
>     [sudo] password for [username]:
>     Sorry, try again.
>     [sudo] password for [username]:
>     sudo: 3 incorrect password attempts
>     $ sudo --version

Just to be sure I went ahead and installed Ubuntu 18.04.3 in a VM.
Fresh out of the box, I installed zsh and ran

    zsh$ ( trap "" XFSZ; limit filesize 0; sudo id )

I get the exact same results as above. I cannot replicate your result
of sudo failing to operate like you indicated.

- Dennis
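
Added example, not part of the original thread and not sudo's own code: a sketch of the "enforce minimum resource limits" idea raised above, in which a privileged program checks the RLIMIT_FSIZE it inherited and raises it to a floor before writing any file. The function name ensure_min_fsize and the 64 KiB floor MIN_FSIZE are assumptions made for illustration; the thread leaves the right minimum open.

```c
#include <stdio.h>
#include <sys/resource.h>

/* Assumed floor for this sketch; the thread leaves the right value open. */
#define MIN_FSIZE ((rlim_t)64 * 1024)

/*
 * Make sure the RLIMIT_FSIZE soft limit inherited from the caller is at
 * least min_bytes. Returns 0 if the limit is sufficient on return, -1 if
 * it could not be read or raised.
 */
int ensure_min_fsize(rlim_t min_bytes)
{
    struct rlimit rl;

    if (getrlimit(RLIMIT_FSIZE, &rl) != 0)
        return -1;
    if (rl.rlim_cur == RLIM_INFINITY || rl.rlim_cur >= min_bytes)
        return 0;               /* inherited limit is already adequate */

    /* Raising the hard limit only succeeds for a privileged process
     * (root or CAP_SYS_RESOURCE on Linux); the soft limit can always be
     * raised up to the hard limit. */
    if (rl.rlim_max != RLIM_INFINITY && rl.rlim_max < min_bytes)
        rl.rlim_max = min_bytes;
    rl.rlim_cur = min_bytes;
    return setrlimit(RLIMIT_FSIZE, &rl) == 0 ? 0 : -1;
}

int main(void)
{
    struct rlimit rl;

    /* Constructed starting state: soft limit 0, hard limit untouched. */
    if (getrlimit(RLIMIT_FSIZE, &rl) != 0)
        return 1;
    rl.rlim_cur = 0;
    if (setrlimit(RLIMIT_FSIZE, &rl) != 0)
        return 1;

    /* What a privileged program could do before touching any file. */
    if (ensure_min_fsize(MIN_FSIZE) != 0) {
        fprintf(stderr, "cannot raise RLIMIT_FSIZE to the minimum\n");
        return 1;
    }
    getrlimit(RLIMIT_FSIZE, &rl);
    printf("soft RLIMIT_FSIZE is now %llu bytes\n", (unsigned long long)rl.rlim_cur);
    return 0;
}
```

When SIGXFSZ is ignored by the caller, a write past the limit fails with EFBIG ("File too large") instead of killing the process, so the check has to look at the limit itself rather than rely on the signal.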



