• Bug#1110220: sudo: setting the clock forward by a mere 67s invalidates

    From Thorsten Glaser@21:1/5 to All on Fri Aug 1 14:10:01 2025

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Marc Haber@21:1/5 to Thorsten Glaser on Fri Aug 1 18:10:01 2025
    Control: tags -1 upstream
    Control: severity -1 minor

    On Fri, Aug 01, 2025 at 02:01:18PM +0200, Thorsten Glaser wrote:
    > On bootup of my work laptop, I have to log in on the console, then start the network
    > (basically a “sudo ifup wlan0=some-id” or “sudo ifup eth0”, depending), then step the
    > clocktime with rdate, then run another command with sudo.

    That sounds like a workflow that no one else uses. Setting severity appropriately.

    > Unfortunately, the stepping of the time-of-day often invalidates the timestamp, and
    > I have to enter the password again, which is annoying. (It seems to have a tolerance
    > for values below 60s or so, the laptop generally loses about a minute between boots.)

    I find that reasonable. Maybe for security reasons. I'd like to know how
    sudo detects that between invocations.

    > I get why stepping backwards will require the password again (though I set a higher
    > than normal timestamp_timeout), but forwards should not, at least not by small amounts
    > (less than six hours or so)

    Six hours is well beyond the password timeout.

    Debian is surely not going to patch this part of sudo's behavior.

    May I ask you to take this upstream yourself, maybe to the upstream
    mailing list? This is much more efficient than me forwarding messages.

    Greetings
    Marc

    -- 
    -----------------------------------------------------------------------------
    Marc Haber         | "I don't trust Computers. They | Mail address in header
    Leimen, Germany    |  lose things."    Winona Ryder | Phone: *49 6224 1600402
    Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421
