pam: expose sudo prompt to PAM via SUDO_PROMPT env#1590
Open
3v1n0 wants to merge 3 commits into
Open
Conversation
2 tasks
Some PAM modules implementations do not use PAM conversations and instead present their own native client UI when they have access to the terminal. In those cases, modules cannot infer sudo's custom prompt text from the conversation callback path. Set SUDO_PROMPT in the PAM environment before pam_authenticate(), so modules that render their own UI can combine: - PAM service identity (from the PAM transaction) - sudo's resolved prompt string (SUDO_PROMPT) to display a consistent, context-aware prompt. To avoid stale state, clear SUDO_PROMPT before authentication starts and clear it again after pam_authenticate() returns. Allowing PAM modules in the stack to read (and potentially change) SUDO_PROMPT does not introduce a new trust boundary concern: PAM modules already control the conversation flow and can provide their own prompt text/messages through the standard PAM conversation mechanism.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Some PAM modules implementations do not use PAM conversations and
instead present their own native client UI when they have access to
the terminal.
In those cases, modules cannot infer sudo's custom prompt text from
the conversation callback path.
Set SUDO_PROMPT in the PAM environment before pam_authenticate(),
so modules that render their own UI can combine:
to display a consistent, context-aware prompt.
To avoid stale state, clear SUDO_PROMPT before authentication starts
and clear it again after pam_authenticate() returns.
Allowing PAM modules in the stack to read (and potentially change)
SUDO_PROMPT does not introduce a new trust boundary concern:
PAM modules already control the conversation flow and can provide
their own prompt text/messages through the standard PAM conversation
mechanism.
This has been also proposed to regular sudo as sudo-project/sudo#539
Closes: #1594