emacs-devel

Re: sudo:: method in tramp possible security issue


From: Michael Albinus
Subject: Re: sudo:: method in tramp possible security issue
Date: Wed, 21 Nov 2018 15:52:24 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux)

John Shahid <address@hidden> writes:

Hi John,

> Is there a reason for doing a manual expiration instead of relying on
> the default sudo behavior?  If tramp starts a new sudo shell for example
> to get file attributes, then sudo can take care of caching the password
> or asking for it after the configured timeout.  That would consolidate
> the configuration in one place (i.e. /etc/sudoers for the timeout) as
> well as let users manage the cache (e.g. sudo -k when the user logs out)
> the same way they do today.

The point is that Tramp (until now) keeps a session open forever. Tramp
doesn't "start a new sudo shell for example to get file attributes".
Therefore, there's no chance that sudo could ask for a password,
again. That's why the new mechanism interrupts the session after the
session timeout, and opening a new one depends on sudo's mechanism for
cached passwords.

Best regards, Michael.


