
Sudo and Opendoas on Linux use timestamp files to keep track of how long it's been since you've last entered your password. Doas on BSD uses a kernel feature instead.

Why is the latter considered more secure?

glibg10b

1 Answer


The sudoers timestamp file is only writable by root, so it cannot be modified by any normal user. However, a user that has root access (e.g. via sudo) can keep overwriting the timestamp file to prevent being prompted for the password again in future. This is only really relevant in a situation where an attacker gains access to an interactive terminal session where sudo has been used very recently.

Moving this tracking to the kernel makes it slightly more secure, because the attacker would have to load a kernel module to modify the timestamp, and that's a bit noisier and requires making such a module. It isn't really a concrete barrier; it's just a bit more work for an attacker.

Polynomial
  • "However, a user that has root access (e.g. via sudo) can keep overwriting the timestamp file to prevent being prompted for the password again in future." But if you already have root, there's plenty of other ways to persist it. Is it really a security increase to only have 999 such ways instead of 1000? It almost feels to me like the false sense of security that gives you would outweigh the tiny actual benefit. – Joseph Sible-Reinstate Monica Nov 21 '21 at 14:42
  • Yes. It's a minor increase in security for the mechanism, but overall it doesn't do much. – Polynomial Nov 21 '21 at 18:53
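As an added example (not part of the question, the answer or the comments above), a small Python audit script that parses the Defaults lines of a sudoers excerpt and flags the settings that lengthen the reuse window the answer describes: a negative timestamp_timeout that never expires, a timeout longer than the upstream default, and timestamp_type=global, which shares one cached credential across all of the user's sessions instead of only the tty that authenticated. The sudoers text is constructed for the example; the 5-minute figure is sudo's upstream default, which distributions may override.

```python
import re
from typing import Any, Dict, List

# Constructed sudoers excerpt for demonstration; not taken from any real host.
SAMPLE_SUDOERS = """
# /etc/sudoers (constructed example)
Defaults    env_reset, timestamp_timeout=15
Defaults    timestamp_type=global
Defaults:alice timestamp_timeout=-1
%wheel ALL=(ALL) ALL
"""

# Matches 'Defaults', 'Defaults:user', 'Defaults@host', 'Defaults>runas' and 'Defaults!cmd' lines.
DEFAULTS_RE = re.compile(r"^Defaults(?P<scope>[:@>!]\S+)?\s+(?P<opts>.+)$")

def parse_defaults(text: str) -> List[Dict[str, Any]]:
    """Return one record per option on every Defaults line (scope None = applies to everyone)."""
    records = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and surrounding whitespace
        m = DEFAULTS_RE.match(line)
        if not m:
            continue
        for opt in (o.strip() for o in m.group("opts").split(",")):
            if not opt:
                continue
            if "=" in opt:  # name=value option
                name, value = opt.split("=", 1)
                records.append({"scope": m.group("scope"), "name": name.strip(), "value": value.strip().strip('"')})
            else:  # boolean flag, negated when prefixed with '!'
                records.append({"scope": m.group("scope"), "name": opt.lstrip("!"), "value": not opt.startswith("!")})
    return records

def assess_timestamp_policy(records: List[Dict[str, Any]]) -> List[str]:
    """Flag settings that widen the window in which a cached sudo credential can be reused."""
    findings = []
    for r in records:
        where = "Defaults" + (r["scope"] or "")
        if r["name"] == "timestamp_timeout":
            minutes = float(r["value"])  # sudoers accepts fractional minutes
            if minutes < 0:
                findings.append(f"{where}: timestamp_timeout={r['value']} never expires the cached credential")
            elif minutes > 5:
                findings.append(f"{where}: timestamp_timeout={r['value']} exceeds the upstream default of 5 minutes")
        elif r["name"] == "timestamp_type" and r["value"] == "global":
            findings.append(f"{where}: timestamp_type=global shares one cached credential across all of the user's sessions, not just the tty that authenticated")
    return findings
```

Reading the real /etc/sudoers and /etc/sudoers.d/* needs root; per-user or per-host scopes are reported but not resolved against the account being audited.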