
What I really want is a wrapper for sudo. Whenever I use sudo, if I type the password correctly it works instantly; if I mistype the password, it delays for 2 seconds before asking again. Often it's faster to Ctrl+C UP ENTER than to wait for that annoying 2 seconds. So it would be nice if a wrapper existed to see if sudo gives access within 0.1 seconds, and if it doesn't, assume the password was wrong, kill the sudo process and launch the command again. Automate the Ctrl+C UP ENTER.


I suspect the delay in sudo is configurable: it's not there because sudo is actually doing any work checking your password, it's there to prevent attackers from trying many many combinations of passwords quickly.

If you care about that protection, then you don't want to circumvent it, but in the equally reasonable case where you don't care, then you can probably just make sudo faster.


It actually comes from PAM - man pam_faildelay


How is it offering protection? An attacker could use this scheme as well. If the server doesn't let the user through in 0.1 s, abort and retry the connection, circumventing the delay.


You can limit the amount of retries, so a delay between attempts by default seems a little silly to me.



