Bug 779

Summary: Sudo default 5 minutes password caching ignored when laptop is suspended
Product: Sudo Reporter: A. Soldon <zaroff>
Component: SudoAssignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED WONTFIX    
Severity: normal CC: nigon.nanta2523
Priority: low    
Version: 1.8.19   
Hardware: All   
OS: FreeBSD   

Description A. Soldon 2017-03-14 12:21:12 MDT 
The caching of the password is enabled for 5 minutes. When I leave the terminal open after having issued a command with sudo and then suspend for a longer period of time, for example two hours, I can resume and then issue a command with sudo in the open terminal without being asked for the password.
Comment 1 Todd C. Miller 2017-03-14 12:57:37 MDT 
FreeBSD doesn't appear to have a monotonic clock that runs while the machine is suspended.  The choice is between using a clock that can run backward, potentially defeating the point of the timestamp file, or one that cannot run backward but that is not incremented while suspended.

Currently, sudo uses the second option.  On most other systems, the monotonic clock either runs while suspended or an alternate clock is available which does.  I consider this a FreeBSD failing, rather than a sudo one.
Comment 2 Todd C. Miller 2019-04-08 13:59:55 MDT 
This is not fixable until FreeBSD provides a monotonic clock that runs while suspended, like CLOCK_BOOTTIME on Linux.