You may not be aware of this behavior, but when you perform an administrative function (for example, installing a new program), your authentication gets cached for a bit (15 minutes, I believe... maybe 5 minutes), and you won't be prompted again for your password if you perform a second or third administrative function within that grace period (otherwise known as the sudo timeout).
I'm not sure what to think of this.
On the one hand, it seems rather insecure. After all, isn't the whole point of having password authentication that it provides a layer of security? Would it be possible for something to piggyback your authentication and launch some kind of malware without your permission? And, if not, why have password authentication at all? Why not keep it permanently cached?
On the other hand, assuming it isn't the optimal security implementation, would getting rid of the timeout just frustrate new users even more and bring us more "I just want to log in as root all the time! This is my computer, after all" threads? In other words, would tightening that security just lead to more people getting rid of the security measure altogether?
What do you think?
Like the sudo timeout? Don't like it and want to get rid of it? Don't like it but think the alternative would be worse? Don't really care? Didn't even notice there was one?
I'm really curious as to what people's opinions on this are.
Thanks in advance for your two cents or pence (or whatever a pittance is in your currency).
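The grace period discussed in the post above is set by the sudoers `timestamp_timeout` option: 0 prompts for the password every time, a positive number caches the authentication for that many minutes, and a negative value keeps it cached without expiring. As an added example (not part of the original post), this shell function reports which of those policies a sudoers file sets; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the sudo credential-cache policy found in
# sudoers-format text read on stdin. Only global "Defaults" lines are
# considered; scoped forms (Defaults:alice, Defaults@host) are skipped.
sudo_timeout_policy() {
    awk '
        /^[ \t]*#/ { next }                  # comments and #include lines
        $1 == "Defaults" {
            line = $0
            sub(/^[ \t]*Defaults[ \t]+/, "", line)
            n = split(line, opts, ",")       # options are comma-separated
            for (i = 1; i <= n; i++) {
                o = opts[i]
                gsub(/[ \t]/, "", o)
                if (o ~ /^timestamp_timeout=-?[0-9]+(\.[0-9]+)?$/) {
                    sub(/^timestamp_timeout=/, "", o)
                    val = o; seen = 1        # the last global setting wins
                }
            }
        }
        END {
            if (!seen)              print "default"        # built-in value applies
            else if (val + 0 == 0)  print "always-prompt"  # no caching at all
            else if (val + 0 < 0)   print "never-expires"  # cached indefinitely
            else                    print "cached:" val    # minutes of grace period
        }
    '
}

# Constructed sample sudoers content (not taken from any real system).
sample_sudoers() {
    cat <<'EOF'
Defaults    env_reset
Defaults    mail_badpass, timestamp_timeout=15
# Defaults  timestamp_timeout=-1
Defaults:alice timestamp_timeout=30
Defaults    timestamp_timeout=0
EOF
}

sample_sudoers | sudo_timeout_policy
```

Running `sudo -k` invalidates the cached authentication immediately, so the next `sudo` command prompts again regardless of the timeout.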