bug#6323: Enhancement request: Add wronly to Coreutils

[Daniel Trebbien]

On 2010-06-02, Bob Proulx <address@hidden> wrote:
> Daniel Trebbien wrote:
>> `sudo` with the `-S` option causes it to write the password prompt (if
>> it requires a password at that time) to standard error and read the
>> password from standard in. The problem is: how do I know if `sudo`
>> requires a password? I need to try to read the password prompt from
>> standard error, but if the password is not required, then the parent
>> process will wait for data on standard error while the child process
>> (`wronly` by this time) waits for data on standard in.
>
> There is always the sudo -k option.  If the user isn't configured with
> NOPASSWD then sudo -k ignores the timestamp file and will always ask
> for a password.  That would make it more consistent.
>
> Newish sudo commands include a -A option along with a SUDO_ASKPASS
> variable.  It will invoke a helper program to read the password.  I
> would probably go that route myself.
>
> Bob
>

I had considered these options, but I cannot assume that sudo is *not*
configured with NOPASSWD, and I can't use an external program to get
the password. Also, I didn't want to store the user's password in the
program's memory (outside of the stack and OS buffers), and the
timeout might expire in between "refreshing" (`sudo -v`) and running
the write command with `sudo`.

I am working on enhancement 26000 to `nano` that would allow it to
write through as root (http://savannah.gnu.org/bugs/?26000).