Subject: sudo doesn't ask for password
To: None <>
From: mortee <>
List: tech-security
Date: 10/19/2007 09:41:58

sorry if this isn't an appropriate forum for my problem, but I don't
really know where else to ask. I'm wondering if anyone else has
encountered what I have, what may be the cause and the solution.

I have a i386 box running NBSD 2.0. I recently transitioned from
pkgsrc-2007Q2 to pkgsrc-2007Q3, along with which sudo got updated from
1.6.8pl12nb4 to 1.6.9p6.

I just noticed that sudo fails to ask me for my password, when it would
be supposed to.

$ id
uid=1000(morton) gid=100(users)
$ sudo id
uid=0(root) gid=0(wheel)
$ sudo -l
User morton may run the following commands on this host:
    (ALL) ALL
    (%morton) NOPASSWD: ALL
    (root) NOPASSWD: /usr/pkg/sbin/smartctl -A /dev/wd?d
$ sudo -k
$ sudo ls

I know for sure that it worked as expected before the upgrade. I don't
have any timeout settings in my sudoers file, so it is at its default
value. However, after sudo -k, it should ask for a password anyway. I
haven't altered my sudoers file since the upgrade.

Also note that as root, I should only be able to run that smartctl
command without a password prompt; and also run anything as someone in
the group morton, which root is not. So in all other cases, I should be
prompted for my password.

Can anyone shred any light on this?