[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: sudo:: method in tramp possible security issue

From: John Shahid
Subject: Re: sudo:: method in tramp possible security issue
Date: Wed, 21 Nov 2018 09:44:37 -0500
User-agent: mu4e 1.1.0; emacs 27.0.50

Michael Albinus <address@hidden> writes:

> The command `tramp-cleanup-connection' closes any background session for
> a Tramp connection, including removing cached passwords. Maybe we shall
> call this for sudo/su methods automatically after a given timeout, like
> the password expiration for sudo in a terminal. 5 minutes seem to be a
> sensible value to me.

Warning, I am not familiar with the internals of tramp, so please
forgive my following comment if it doesn't make sense.

Is there a reason for doing a manual expiration instead of relying on
the default sudo behavior.  If tramp start a new sudo shell for example
to get file attributes, then sudo can take care of caching the password
or asking for it after the configured timeout.  That would consolidate
the configuration in one place (i.e. /etc/sudoers for the timeout) as
well as let users manage the cache (e.g. sudo -k when the user logs out)
the same way they do today.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]