On 07/27/2015 01:33 PM, Stuart Henderson wrote:
On 2015/07/27 10:54, Gregory Edigarov wrote:
Hi,
sudo was having a nice feature of not overwhelming the user with password
prompts (cookies :-) ).
There is nothing stopping you from installing sudo from packages if
you need its features...
On Mon, Jul 27, 2015 at 02:55:34PM +0300, Gregory Edigarov wrote:
Thanks for showing that to me, Marc. Will think on how to implement that in
a more secure way. I think I need to add a token based check? Correct?
I don't think you get what I'm saying.
I don't think there's any way to
On 07/27/2015 01:08 PM, Theo Buehler wrote:
On Mon, Jul 27, 2015 at 10:54:02AM +0300, Gregory Edigarov wrote:
Hi,
sudo was having a nice feature of not overwhelming the user with password
prompts (cookies :-) ).
This diff is adding this back to doas(1).
On Mon, Jul 27, 2015 at 10:54:02AM
On 07/27/2015 01:21 PM, Marc Espie wrote:
On Mon, Jul 27, 2015 at 10:54:02AM +0300, Gregory Edigarov wrote:
Hi,
sudo was having a nice feature of not overwhelming the user with password
prompts (cookies :-) ).
This diff is adding this back to doas(1).
Index: doas.c
hi,
here's an updated diff using /var/doas directory root:wheel owned with a
strict 700 permissions. checks and batteries included.
Index: doas.c
===
RCS file: /cvs/src/usr.bin/doas/doas.c,v
retrieving revision 1.27
diff -u -p -u
Theo Buehler wrote:
I'm probably missing something, but from reading your implementation of
checktimeout() it seems that you can easily cumvent the password prompt
using something like this (assuming the timeout is enabled for the
user):
And this is why this feature is not included in doas.
Gregory Edigarov wrote:
hi,
here's an updated diff using /var/doas directory root:wheel owned with a
strict 700 permissions. checks and batteries included.
Sorry, but this is not a feature we want at this time.
On Mon, 27 Jul 2015 11:12:17 +0100, Kevin Chadwick wrote:
It's not a big deal but one feature of sudo that I occasionally use is
sudoedit.
You can get sudoedit-like functionality without building it into
doas. All you really need is an editor front-end that uses getlogin(2)
to figure out the
This is harder to make secure than you realize. Once you add it
you will people will complain that if you logout and log back in
again during the timeout you can still run commands. Next you will
get requests for per-tty and per-destination user timeout files.
But wait! If someone can change
An easier and more reliable compromise would be running 'doas sh' and
executing multiple commands in the shell that is root.
Having said that, I am unsure if doas(1) uses the $HOME of the current
user, or the user that the command is executed as.
If $HOME is that of the current user, the
On 07/27/2015 01:12 PM, Kevin Chadwick wrote:
sudo was having a nice feature of not overwhelming the user with
password prompts (cookies :-) ).
This diff is adding this back to doas(1).
It's not a big deal but one feature of sudo that I occasionally use is
sudoedit or a one-time su like
On Mon, Jul 27, 2015 at 10:54:02AM +0300, Gregory Edigarov wrote:
Hi,
sudo was having a nice feature of not overwhelming the user with password
prompts (cookies :-) ).
This diff is adding this back to doas(1).
On Mon, Jul 27, 2015 at 10:54:02AM +0300, Gregory Edigarov wrote:
Hi,
On Mon, Jul 27, 2015 at 10:54:02AM +0300, Gregory Edigarov wrote:
Hi,
sudo was having a nice feature of not overwhelming the user with password
prompts (cookies :-) ).
This diff is adding this back to doas(1).
Index: doas.c
On 2015/07/27 10:54, Gregory Edigarov wrote:
Hi,
sudo was having a nice feature of not overwhelming the user with password
prompts (cookies :-) ).
There is nothing stopping you from installing sudo from packages if
you need its features...
sudo was having a nice feature of not overwhelming the user with
password prompts (cookies :-) ).
This diff is adding this back to doas(1).
It's not a big deal but one feature of sudo that I occasionally use is
sudoedit or a one-time su like command with timestamp_timeout=0 to
always prompt
15 matches
Mail list logo