Bugzilla – Bug 445
Always prompts for password when run without a tty
Last modified: 2011-01-15 12:20:30 MST
Using sudo 1.7.4p4 on Debian, I've found that, if a sudo invocation doesn't match a NOPASSWD rule, sudo now always prompts for a password when run without a tty, even if tty_tickets is not enabled and the current ticket is valid. Digging through things, the problem seems to be in check.c, introduced in changeset 4606:5880200c5f6b. Part of that changeset includes a bit (~ line 499) that skips the ticket timestamp checking if there is no tty. That is of course appropriate if tty_tickets is enabled, but the code neglects to check whether it is in fact enabled at that point. That line of code still exists in plugins/sudoers/check.c in the latest hg tree, but I don't know if other changes in the surrounding code might have tweaked its behavior. I don't know how much of a problem this is for people generally, but for me personally it causes issues in scripts that prompt the user to create/renew their sudo ticket at the start and then attempt to use sudo non-interactively several times shortly thereafter.
Created attachment 296: Patch to honor timestamp file when targetpw is set
It used to be the case that the timestamp file was only used when tty tickets were in use. Now, however, it is also used when targetpw is set in sudoers. I've attached a patch that should address this.
Patch works for me, thank you.
Excellent. The patch will be part of sudo 1.7.5 which should be out in 3 weeks or so.
Fixed in sudo 1.7.4p5