
Show HN: A fork of sudo with Touch ID support - mattr1
https://github.com/mattrajca/sudo-touchid
======
pritambaral
Similar: On Linux, doing something like this doesn't require patched sudo.
sudo uses the OS provided auth framework (PAM), which is pluggable (the 'P' in
'PAM' stands for 'Pluggable'); and fprintd provides a pam plugin.

The `LocalAuthentication` framework this project mentions sounds like an OS X
equivalent of PAM — an OS level account auth framework. I wonder why/if the
`sudo` on OS X doesn't use it.
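
For readers who want to see what the Linux route looks like in practice, here is an added example of a `/etc/pam.d/sudo` stack that adds `pam_fprintd.so` (it is not from the post or the sudo-touchid project; the `@include` lines assume a Debian-style PAM layout, and `max-tries` is an option pam_fprintd accepts):

```text
# /etc/pam.d/sudo  (assumed Debian-style layout; added example, not from the post)
#
# "sufficient": a matching fingerprint alone satisfies the auth step, so no
# password prompt appears. A failed or timed-out scan falls through to the
# password stack below instead of locking the user out.
auth    sufficient  pam_fprintd.so max-tries=3

# To require BOTH fingerprint and password (two factors instead of either),
# replace the line above with:
# auth    required    pam_fprintd.so max-tries=3

@include common-auth
@include common-account
@include common-session-noninteractive
```

The control word is the security-relevant choice: `sufficient` makes the fingerprint a replacement for the password, `required` makes it an additional factor, and the fallback lines keep a broken or absent reader from leaving `sudo` unusable. Because the check lives in PAM rather than in a patched binary, the same stack works for any PAM-aware program (login, screen lockers) without touching sudo's code.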

~~~
brazzledazzle
If I remember correctly you can use PAM modules on OS X as well. Perhaps
writing one and integrating that with the touch ID button might be possible.

~~~
seanp2k2
Guessing so since that's what Yubikey appears to do:
[https://www.yubico.com/support/knowledge-base/categories/art...](https://www.yubico.com/support/knowledge-base/categories/articles/yubikey-mac-os-x-login-guide/)

~~~
dancek
Yep, I've used the Yubikey PAM, and it works just fine. My first thought on
seeing the title was: WHYYYYYY?

There are some slight usability issues with using custom PAM config. E.g. if
you want to unlock the lock screen without password using the Yubikey, you
still need to press enter.

------
matt4077
This here is what gets me salivating: Using the toolbar as a context-sensitive
test runner/controller:
[https://pbs.twimg.com/media/CwC8SNvW8AQgeWN.png:large](https://pbs.twimg.com/media/CwC8SNvW8AQgeWN.png:large)

~~~
intruder
I don't understand the general moan about the touch bar. These are exactly the
cases I think will make the touch bar great.

Is it the most innovative concept ever? No, but it looks like it's been
executed very well. I think developers will like this macbook.

~~~
duaneb
To what exact cases are you referring? Do you not use an ide with a test
runner? What exactly is desirable about triggering and monitoring this from a
second display on the keyboard--where you're looking all the time, naturally--
over clicking a button on screen?

~~~
striking
Take a good look at the IDE running there. It's Vim. I use that all the time,
and so do many other people on HN.

Do you need a button like this on your keyboard? No, you could set up a new
Vim bind. But this is more dynamic; what if the test re-run buttons were only
visible after having modified a file, and replaced with a deploy or commit
button if tests succeed?

If you're vigorously opposed to it, don't buy a Mac. But some people can
definitely see use in it. It's like your function row, but with visibly
context-aware functions.

~~~
duaneb
The computer already has a fantastic dynamic display built in—the display.
Your eyes even naturally fall there. Why do we need a second display at all,
much less on the keyboard where people do not look?

~~~
tkxxx7
Unless you're touch-typing your function keys, you certainly do look there.

I don't want a "second display"; I want dynamic, context-aware buttons.
Focusing on the fact that it's "another display" misses all the benefits of it
_not_ being static hardware buttons.

~~~
tomtheelder
> I want dynamic, context-aware buttons.

The buttons on your keyboard are already context aware. All this does is make
them difficult/impossible to touch type (I touch type my F-keys), forces me to
look away from my display to perform operations, and removes the good tactile
feedback you get from a keypress.

~~~
tkxxx7
"Context-aware" as in the applications you use will decide what to do with the
inputs, I guess, sure. The applications you use being able to create their own
inputs is an entirely different thing and what I meant by "context-aware".

I agree, though, that the lack of feedback was a mistake.

------
sjtgraham
I have a feeling this is EXTREMELY DANGEROUS to have on your Mac. Using
DYLD_INSERT_LIBRARIES an attacker could inject code that swizzles -[LAContext
evaluatePolicy:localizedReason:reply:] to always invoke the callback block
with success set to YES. e.g.

DYLD_FORCE_FLAT_NAMESPACE=1 DYLD_INSERT_LIBRARIES=evil.dylib my_sudo rekt

This won't work on SIP protected binaries (n.b. system binaries), but might
still work on other binaries while SIP is enabled. It's mostly moot however as
many developers have SIP disabled.

~~~
pasyormie
This would not work. setuid binaries do not respect these flags, for obvious
reasons. But if you're at the point where you can inject environment vars into
a dev's workstation, it's probably too late for that dev.

~~~
sjtgraham
You're right. I had a suspicion of this (hence the non-committal "I have a
feeling") but a quick Google search before writing the comment didn't yield
much. After seeing your reply I looked at the dyld source:
[http://opensource.apple.com//source/dyld/dyld-210.2.3/src/dy...](http://opensource.apple.com//source/dyld/dyld-210.2.3/src/dyld.cpp),
see the function pruneEnvironmentVariables.

------
stephenr
This sounds amazing, and I'd love it if Apple allowed Touch ID for regular
account-password prompts in macOS 10.13 (or a Sierra point update, but let's be
realistic).

If they integrated this down to the built in sudo/su that would be even more
amazing, but I imagine that's much less likely.

~~~
eddieplan9
It is already the case. In the keynote, they demoed Fast User Switch with a
touch of finger. If multiple people share a single computer, switching to the
right user account is a touch away.

~~~
stephenr
Yeah, I saw that, but FUS needs a password to log in, just like if you use the
regular login screen.

I was talking about "X needs your password to Y", e.g. unlocking sys
preferences panels, keychain stuff, etc.

------
rrmm
Shouldn't touch ID be the userid and not the password?

~~~
eshyong
I'm not sure that's true. Anyone can claim to be "rrmm" but only one person
has that set of fingerprints.

~~~
dvhh
"at a time"; didn't the movie "Demolition Man" show us the physical danger
of biometrics (/s)

~~~
bhaak
No need for /s. That's a valid concern that gets mentioned often in
discussions like this.

If a biometric sensor can be tricked by a body part that is no longer attached
to the body, that's a serious issue. But AFAIK at least modern sensors try to
verify if it's still alive and then there's also the biological effect that a
body part quickly changes its properties if it is no longer supported by the
body.

The biggest danger in that is probably criminals who don't know that it is
likely that a detached body part stops functioning.

------
bonyt
I don't have one of the new macbooks, but wouldn't making a wrapper around the
macOS authorization services thing do this as well?

Something like:

osascript -e "do shell script \"$*\" with administrator privileges"

------
algesten
Rather than calling it suto, the author could just use the PATH env variable
in .profile

I don't think the system would have much problem with that since profile is
explicitly for interactive user sessions.

------
elmigranto
I don't think this is very useful, at least in my use case, where most things
don't require sudo in the first place (homebrew installed DBs, etc.).

Would be awesome to TouchID restart Upstart things on remotes, which is not
really feasible. One can dream, though :)

~~~
matt4077
Use the keychain to store your ssh keys, that's been possible since about
2007.

~~~
elmigranto
It doesn't help when remote sudo asks for password, does it?

------
bhauer
The Surface line-up provides a similar feature for User Access Control (UAC)
prompts via Windows Hello facial recognition (or the available fingerprint
scanner for older Surfaces). It's a pretty slick and natural application of
biometric authentication, and this seems a natural for Touch ID as well.

------
mrkgnao
Why does macOS need sudo to boot?

~~~
matt4077
It doesn't.

------
partycoder
Be mindful that it is not hard to lift fingerprints to trick that
authentication method.

Most especially, in an office environment it can be done from a mouse, a
keyboard, a glass of water, etc.

There are some videos on YouTube showing how it can be done.

------
oniyokai
Nice! Cool application of the touch bar. Much more practical than some of
Apple's so far demoed examples. ;)

~~~
matt4077
Well they did have login and fast user switching as an example, so that's
kinda comparable and probably more practical, considering "people using sudo"
is a subset of "people logging in".

Also, I like how you can compliment the feature yet still insult its creator
in a single sentence.

------
GiovanniFrigo
I love this. Should buy a new MacBook just to be able to use this :D

------
dukerutledge
If you are asking the question, should I use this?

"I am not a security expert."

No.

------
jwatte
Fingerprints are user names, not passwords.

------
TekMol
I never understood the obsession with sudo. Why not just be root in the first
place?

~~~
woodruffw
Isolate your concerns and risks. There's no reason to drop into an interactive
root shell for a single command, and your chances of forgetting your current
privilege level and running the wrong thing are not insignificant.

~~~
TekMol
What special "wrong thing" can root do? There might be OS-level files that only
root can edit or delete. I don't care about those. I can reinstall the OS
anytime if I should ever mess it up. All the value is in my data.

~~~
woodruffw
For most people, accidentally destroying various system files and "only"
having to reinstall the OS would be considered a serious inconvenience.

If you want an example of something that could cause _lasting_ damage, it's
probably pretty easy to put your Apple product into a non-booting state by
fiddling with NVRAM or PRAM settings as root. I'm not familiar with them off
the top of my head, though.

~~~
ascagnel_
With the advent of EFI booting, you can brick basically any motherboard by
wiping its EFI partitions.

