[ibic]

As it happens - "The warning was restored in a slightly altered form in 9757d29" ( https://github.com/sudo-project/sudo/commit/9757d29a24ac1872... ) - Millert.

[usr1106]

That makes senses. I already wanted to comment that showing an false warning is not good. But silently sending a mail of what you tried to do is worse.

[dan_linder]

This is great! Now when I break into a system I can quickly verify if they've got this aspect of sudo logging setup or not!

Only 1/2 /s

[Dylan16807]

Checking if the alarm is set by seeing if it activates seems like it's not particularly useful.

[couchand]

Not to comment on this particular case, but this is a more useful tactic than it seems at first. Seeing the reaction that an alarm brings can provide lots of useful information for evading future ones.

[Dylan16807]

For some alarms yes. But for one where you won't even know if it activated unless you see the response, and there's little reason for anyone to care about it most of the time... it seems pretty niche.