[sudo-workers] [Patch] Ability to communicate to a frontend

Hongli Lai h.lai at chello.nl
Wed Jan 12 16:49:28 EST 2005

Various people have tried to write graphical frontends for sudo. But 
right now, creating a good frontend is not easy, if possible at all.

sudo writes it's current state to the terminal, and reads the password 
from the terminal/stdin. Because of this, there's no way to tell whether 
authentication succeeded, until the child process exits or until it 
prints output. It's impossible for frontends to only check whether 
authentication succeeded, and then leave the child process alone.
It's also impossible to setup a pipe communication with the child 
process, because you don't know whether sudo will ask the password.

Here's a patch which allows sudo to send it's state information to 
different a file descriptor, and to read the password from a different 
file descriptor.

The frontend calls pipe(). Let's say pipe() returns 4 and 5 as file 
descriptors. The frontend runs:
sudo -f 4 5 xterm

sudo will print it's state information (password required, 
authentication succeeded/failed, errors, etc.) to file descriptor 4, and 
will read the password from file descriptor 5.

I think this patch is crucial for properly implementing graphical 
frontends. Please comment on the patch.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: sudo-patch
URL: </pipermail/sudo-workers/attachments/20050112/b9f1a32e/attachment.ksh>

More information about the sudo-workers mailing list