On Thu, Jul 9, 2009 at 1:55 PM, Square<toolma...@gmail.com> wrote:
> I noticed this in my typical routine when installing AUR packages. 'makepkg 
> -sic' is the typical command I use, and most of the time if dependencies are 
> installed before building sudo doesn't time out before the install - meaning 
> I do not have to re-enter a password for installing the package itself. This 
> leaves a window where any time during the build process a command could have 
> been executed with sudo and it would have went through without my knowledge.
>
> I do realize that it should be up to the user to validate all of the
> content, i.e. make sure everything is 'clean', but I thought I might
> bring it up for discussion.

This is up to you to control. You can change the timeout in
/etc/sudoers by using the "password_timeout" (or is it
"passwd_timeout"?) option.

Reply via email to