GNU bug report logs - #6323
Enhancement request: Add wronly to Coreutils

Previous Next

Full log

Message #17 received at 6323 <at> debbugs.gnu.org (full text, mbox):

From: Daniel Trebbien <dtrebbien <at> gmail.com>
To: Bob Proulx <bob <at> proulx.com>
Cc: 6323 <at> debbugs.gnu.org
Subject: Re: bug#6323: Enhancement request: Add wronly to Coreutils
Date: Wed, 2 Jun 2010 12:59:51 -0400

On 2010-06-02, Bob Proulx <bob <at> proulx.com> wrote:
> Daniel Trebbien wrote:
>> `sudo` with the `-S` option causes it to write the password prompt (if
>> it requires a password at that time) to standard error and read the
>> password from standard in. The problem is: how do I know if `sudo`
>> requires a password? I need to try to read the password prompt from
>> standard error, but if the password is not required, then the parent
>> process will wait for data on standard error while the child process
>> (`wronly` by this time) waits for data on standard in.
>
> There is always the sudo -k option.  If the user isn't configured with
> NOPASSWD then sudo -k ignores the timestamp file and will always ask
> for a password.  That would make it more consistent.
>
> Newish sudo commands include a -A option along with a SUDO_ASKPASS
> variable.  It will invoke a helper program to read the password.  I
> would probably go that route myself.
>
> Bob
>

I had considered these options, but I cannot assume that sudo is *not*
configured with NOPASSWD, and I can't use an external program to get
the password. Also, I didn't want to store the user's password in the
program's memory (outside of the stack and OS buffers), and the
timeout might expire in between "refreshing" (`sudo -v`) and running
the write command with `sudo`.

I am working on enhancement 26000 to `nano` that would allow it to
write through as root (http://savannah.gnu.org/bugs/?26000).

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.