add askpass named pipe support (GSUDO_ASKPASS_NAMED_PIPE) #388
Conversation
|
Hi @awakecoding. Apologies for not responding earlier, I've been thru some personal things in the family so my priorities shifted a little bit. |
|
Hi Gerardo, No problem for the delay, I understand For the named pipe security, it is served only once, after which the temporary named pipe server is closed. It's ephemeral during the gsudo process launching, and it's not a named pipe which can be grabbed at any time in the background. In any case, the named pipe technique fits our requirements, it doesn't leak credentials like environment variables or command-line arguments. If there is no other concern other than fixing the CI, we would appreciate having a new release once it is merged. Initially, our RDM integration will just require that gsudo be preinstalled, so we're not going to use the nuget package, at least not not. Maybe we'll ship a copy from the nuget package later, but not now. Thanks! |
We're integrating gsudo in Remote Desktop Manager, and one thing we're missing is a way to inject the password to launch the process as another user. One way we've done this in the past was to patch software to accept a named pipe name through an optional environment variable, and treat it as an "askpass" named pipe that just serves the password once. The named pipe is only used as a replacement for the current prompt if the GSUDO_ASKPASS_NAMED_PIPE environment variable has been set.
Alternatively, we could add a command-line parameter to pass the optional "askpass named pipe" name, but we're happy with just this environment variable, unless you wish to have it changed or done differently.