Re: doas: improve error message
On 2020-10-08 16:39, Klemens Nanni wrote: On Thu, Oct 08, 2020 at 04:23:53PM -0700, Jordan Geoghegan wrote: This improved error message would have been useful a few months ago where I had a number of end-users of one of my scripts get confused due to the cryptic error messages spit out by doas. The diff does not change behaviour or output for end-users on the command line; instead it changes syslog messages which by default are only readable by root. As admin going through logs of multiple hosts (in a centralised place) the proposed change clarifies that whatever was TRIED to be executed never actually DID execute. Hi Klemens and Theo, Yes, I'm aware it was related to syslog output. The end-user situation I mentioned involved a script run via cron job and folks were getting confused by weird messages in their syslog due to using the script wrong. Regards, Jordan
Re: doas: improve error message
On 2020-10-09, Klemens Nanni wrote: > In case `cmd' and `args' in doas.conf(5) do not match, the generated > log message is unclear and might be read as if the command executed but > failed, i.e. returned non-zero: > > # cat /etc/doas.conf > permit nopass kn cmd echo args foo > $ doas echo foo > foo > $ doas echo bar > doas: Operation not permitted > > The corresponding syslog(3) messages from /var/log/secure: > > Oct 9 01:05:14 eru doas: kn ran command echo foo as root from /home/kn > Oct 9 01:05:20 eru doas: failed command for kn: echo bar > > The following reads unambiguous and better matches the EPERM wording: > > Oct 9 01:05:20 eru doas: command not permitted for kn: echo bar ok, i think that wording was just copy/paste.
Re: doas: improve error message
Klemens Nanni wrote: > The diff does not change behaviour or output for end-users on the > command line; instead it changes syslog messages which by default are > only readable by root. ^ That's the key detail for me, as it means no additional information is being exposed. ok deraadt
Re: doas: improve error message
On Thu, Oct 08, 2020 at 04:23:53PM -0700, Jordan Geoghegan wrote: > This improved error message would have been useful a few months ago where I > had a number of end-users of one of my scripts get confused due to the > cryptic error messages spit out by doas. The diff does not change behaviour or output for end-users on the command line; instead it changes syslog messages which by default are only readable by root. As admin going through logs of multiple hosts (in a centralised place) the proposed change clarifies that whatever was TRIED to be executed never actually DID execute.
Re: doas: improve error message
Hi Klemens, I'm not a dev, so I can't give you an OK, but I just wanted to say that I certainly support this change. This improved error message would have been useful a few months ago where I had a number of end-users of one of my scripts get confused due to the cryptic error messages spit out by doas. Regards, Jordan On 2020-10-08 16:09, Klemens Nanni wrote: In case `cmd' and `args' in doas.conf(5) do not match, the generated log message is unclear and might be read as if the command executed but failed, i.e. returned non-zero: # cat /etc/doas.conf permit nopass kn cmd echo args foo $ doas echo foo foo $ doas echo bar doas: Operation not permitted The corresponding syslog(3) messages from /var/log/secure: Oct 9 01:05:14 eru doas: kn ran command echo foo as root from /home/kn Oct 9 01:05:20 eru doas: failed command for kn: echo bar The following reads unambiguous and better matches the EPERM wording: Oct 9 01:05:20 eru doas: command not permitted for kn: echo bar Feedback? OK? Index: doas.c === RCS file: /cvs/src/usr.bin/doas/doas.c,v retrieving revision 1.82 diff -u -p -r1.82 doas.c --- doas.c 18 Oct 2019 17:15:45 - 1.82 +++ doas.c 8 Oct 2020 22:59:45 - @@ -396,7 +396,7 @@ main(int argc, char **argv) if (!permit(uid, groups, ngroups, &rule, target, cmd, (const char **)argv + 1)) { syslog(LOG_AUTHPRIV | LOG_NOTICE, - "failed command for %s: %s", mypw->pw_name, cmdline); + "command not permitted for %s: %s", mypw->pw_name, cmdline); errc(1, EPERM, NULL); }
doas: improve error message
In case `cmd' and `args' in doas.conf(5) do not match, the generated log message is unclear and might be read as if the command executed but failed, i.e. returned non-zero: # cat /etc/doas.conf permit nopass kn cmd echo args foo $ doas echo foo foo $ doas echo bar doas: Operation not permitted The corresponding syslog(3) messages from /var/log/secure: Oct 9 01:05:14 eru doas: kn ran command echo foo as root from /home/kn Oct 9 01:05:20 eru doas: failed command for kn: echo bar The following reads unambiguous and better matches the EPERM wording: Oct 9 01:05:20 eru doas: command not permitted for kn: echo bar Feedback? OK? Index: doas.c === RCS file: /cvs/src/usr.bin/doas/doas.c,v retrieving revision 1.82 diff -u -p -r1.82 doas.c --- doas.c 18 Oct 2019 17:15:45 - 1.82 +++ doas.c 8 Oct 2020 22:59:45 - @@ -396,7 +396,7 @@ main(int argc, char **argv) if (!permit(uid, groups, ngroups, &rule, target, cmd, (const char **)argv + 1)) { syslog(LOG_AUTHPRIV | LOG_NOTICE, - "failed command for %s: %s", mypw->pw_name, cmdline); + "command not permitted for %s: %s", mypw->pw_name, cmdline); errc(1, EPERM, NULL); }