
Funny, I always thought this was supposed to be a feature. It remembered your authentication for a few minutes after using sudo. I assumed it was part of the OSX auth system and would forget if you locked the screen.


Enabling `tty_tokens` still remembers your authentication for a few minutes, but it restricts use to the terminal it was run on.


Yeah, I was thinking the same thing; probably that is why they ship those defaults: better UX.


Don't call a security flaw a UX feature please.


Passwords are both security flaws and UX features -- they're inherently flawed, cannot be fixed, and are the only authentication system most people can use successfully.

Security is always in tension with usability.


I think the flaw marcoamorales intended to point out is how sudo doesn't always re-prompt for a password.


It is a feature that it caches your authentication for a few minutes. It's not a feature that other processes running as your user, such as something that manages to do a sandbox escape in your browser, are also able to acquire credentials.



