Bug 779 – Sudo default 5 minutes password caching ignored when laptop is suspended

Bug 779 - Sudo default 5 minutes password caching ignored when laptop is suspended


Summary:	Sudo default 5 minutes password caching ignored when laptop is suspended

Status:	RESOLVED WONTFIX

Product:	Sudo
Classification:	Unclassified
Component:	Sudo
Version:	1.8.19
Hardware:	All FreeBSD

Importance:	low normal
Assigned To:	Todd C. Miller

URL:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2017-03-14 12:21 MDT by A. Soldon
Modified:	2019-04-08 13:59 MDT (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description A. Soldon 2017-03-14 12:21:12 MDT

The caching of the password is enabled for 5 minutes. When I leave the terminal open after having issued a command with sudo and then suspend for a longer period of time, for example two hours, I can resume and then issue a command with sudo in the open terminal without being asked for the password.

Comment 1 Todd C. Miller 2017-03-14 12:57:37 MDT

FreeBSD doesn't appear to have a monotonic clock that runs while the machine is suspended.  The choice is between using a clock that can run backward, potentially defeating the point of the timestamp file, or one that cannot run backward but that is not incremented while suspended.

Currently, sudo uses the second option.  On most other systems, the monotonic clock either runs while suspended or an alternate clock is available which does.  I consider this a FreeBSD failing, rather than a sudo one.

Comment 2 Todd C. Miller 2019-04-08 13:59:55 MDT

This is not fixable until FreeBSD provides a monotonic clock that runs while suspended, like CLOCK_BOOTTIME on Linux.