Re: sudo:: method in tramp possible security issue

emacs-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: sudo:: method in tramp possible security issue

From:	John Shahid
Subject:	Re: sudo:: method in tramp possible security issue
Date:	Wed, 21 Nov 2018 09:44:37 -0500
User-agent:	mu4e 1.1.0; emacs 27.0.50

Michael Albinus <address@hidden> writes:

> The command `tramp-cleanup-connection' closes any background session for
> a Tramp connection, including removing cached passwords. Maybe we shall
> call this for sudo/su methods automatically after a given timeout, like
> the password expiration for sudo in a terminal. 5 minutes seem to be a
> sensible value to me.

Warning, I am not familiar with the internals of tramp, so please
forgive my following comment if it doesn't make sense.

Is there a reason for doing a manual expiration instead of relying on
the default sudo behavior.  If tramp start a new sudo shell for example
to get file attributes, then sudo can take care of caching the password
or asking for it after the configured timeout.  That would consolidate
the configuration in one place (i.e. /etc/sudoers for the timeout) as
well as let users manage the cache (e.g. sudo -k when the user logs out)
the same way they do today.

[Prev in Thread]

Current Thread

[Next in Thread]

Re: sudo:: method in tramp possible security issue, (continued)
- Re: sudo:: method in tramp possible security issue, Michael Albinus, 2018/11/20
  - Re: sudo:: method in tramp possible security issue, João Távora, 2018/11/20
    - Re: sudo:: method in tramp possible security issue, Michael Albinus, 2018/11/21

Prev by Date: Re: sudo:: method in tramp possible security issue
Next by Date: Re: Support virtual slots in EIEIO
Previous by thread: Re: sudo:: method in tramp possible security issue
Next by thread: Re: sudo:: method in tramp possible security issue
Index(es):
- Date
- Thread