Information
In combination with removing the sudo timeout grace period a further mitigation should be in place to reduce the possibility of a a background process using elevated rights when a user elevates to root in an explicit context or tty. With the included sudo 1.8 introduced in 10.12 the default value is to have tty tickets for each interface so that root access is limited to a specific terminal. The default configuration can be overwritten or not configured correctly on earlier versions of macOS.
Rationale:
Additional mitigation should be in place to reduce the risk of privilege escalation of background processes.
Solution
Remove 'Defaults !tty_tickets' from the /etc/sudoers file using visudo
Additional Information:
https://github.com/jorangreef/sudo-prompt/issues/33
https://derflounder.wordpress.com/2016/09/21/tty_tickets-option-now-on-by-default-for-macos-sierras-sudo-tool
http://rixstep.com/2/20050521,00.shtml