The sudo timeout convenience feature is worrisome, but there's no need to remove it entirely from the system [1]. You can set
Defaults timestamp_timeout = 0
in your sudoers file to make sure sudo always prompts for a password. I think this should be default, since the current default of 5 minutes is an easy privilege escalation vector [2].
Also, if you like entering root's password instead of your own, you can set the `runaspw` option.
[1]: Unless you'd like to remove one more possible SUID vulnerability.
[2]: It's far from the only way for a local process to escalate privileges, so I understand it's nothing worth yelling about.
Also, if you like entering root's password instead of your own, you can set the `runaspw` option.
[1]: Unless you'd like to remove one more possible SUID vulnerability.
[2]: It's far from the only way for a local process to escalate privileges, so I understand it's nothing worth yelling about.