Re: doas: improve error message

2020-10-08 Thread Jordan Geoghegan 




On 2020-10-08 16:39, Klemens Nanni wrote:

On Thu, Oct 08, 2020 at 04:23:53PM -0700, Jordan Geoghegan wrote:

This improved error message would have been useful a few months ago where I
had a number of end-users of one of my scripts get confused due to the
cryptic error messages spit out by doas.

The diff does not change behaviour or output for end-users on the
command line;  instead it changes syslog messages which by default are
only readable by root.

As admin going through logs of multiple hosts (in a centralised place)
the proposed change clarifies that whatever was TRIED to be executed
never actually DID execute.



Hi Klemens and Theo,

Yes, I'm aware it was related to syslog output. The end-user situation I 
mentioned involved a script run via cron job and folks were getting 
confused by weird messages in their syslog due to using the script wrong.


Regards,

Jordan

Re: doas: improve error message

2020-10-08 Thread Ted Unangst 
On 2020-10-09, Klemens Nanni wrote:
> In case `cmd' and `args' in doas.conf(5) do not match, the generated
> log message is unclear and might be read as if the command executed but
> failed, i.e. returned non-zero:
> 
>   # cat /etc/doas.conf
>   permit nopass kn cmd echo args foo
>   $ doas echo foo
>   foo
>   $ doas echo bar
>   doas: Operation not permitted
> 
> The corresponding syslog(3) messages from /var/log/secure:
> 
>   Oct  9 01:05:14 eru doas: kn ran command echo foo as root from /home/kn
>   Oct  9 01:05:20 eru doas: failed command for kn: echo bar
> 
> The following reads unambiguous and better matches the EPERM wording:
> 
>   Oct  9 01:05:20 eru doas: command not permitted for kn: echo bar

ok, i think that wording was just copy/paste.

Re: doas: improve error message

2020-10-08 Thread Theo de Raadt 
Klemens Nanni  wrote:

> The diff does not change behaviour or output for end-users on the
> command line;  instead it changes syslog messages which by default are
> only readable by root.

  ^

That's the key detail for me, as it means no additional information
is being exposed.  ok deraadt

Re: doas: improve error message

2020-10-08 Thread Klemens Nanni 
On Thu, Oct 08, 2020 at 04:23:53PM -0700, Jordan Geoghegan wrote:
> This improved error message would have been useful a few months ago where I
> had a number of end-users of one of my scripts get confused due to the
> cryptic error messages spit out by doas.
The diff does not change behaviour or output for end-users on the
command line;  instead it changes syslog messages which by default are
only readable by root.

As admin going through logs of multiple hosts (in a centralised place)
the proposed change clarifies that whatever was TRIED to be executed
never actually DID execute.

Re: doas: improve error message

2020-10-08 Thread Jordan Geoghegan 

Hi Klemens,

I'm not a dev, so I can't give you an OK, but I just wanted to say that 
I certainly support this change.


This improved error message would have been useful a few months ago 
where I had a number of end-users of one of my scripts get confused due 
to the cryptic error messages spit out by doas.


Regards,

Jordan

On 2020-10-08 16:09, Klemens Nanni wrote:

In case `cmd' and `args' in doas.conf(5) do not match, the generated
log message is unclear and might be read as if the command executed but
failed, i.e. returned non-zero:

# cat /etc/doas.conf
permit nopass kn cmd echo args foo
$ doas echo foo
foo
$ doas echo bar
doas: Operation not permitted

The corresponding syslog(3) messages from /var/log/secure:

Oct  9 01:05:14 eru doas: kn ran command echo foo as root from /home/kn
Oct  9 01:05:20 eru doas: failed command for kn: echo bar

The following reads unambiguous and better matches the EPERM wording:

Oct  9 01:05:20 eru doas: command not permitted for kn: echo bar


Feedback? OK?


Index: doas.c
===
RCS file: /cvs/src/usr.bin/doas/doas.c,v
retrieving revision 1.82
diff -u -p -r1.82 doas.c
--- doas.c  18 Oct 2019 17:15:45 -  1.82
+++ doas.c  8 Oct 2020 22:59:45 -
@@ -396,7 +396,7 @@ main(int argc, char **argv)
if (!permit(uid, groups, ngroups, &rule, target, cmd,
(const char **)argv + 1)) {
syslog(LOG_AUTHPRIV | LOG_NOTICE,
-   "failed command for %s: %s", mypw->pw_name, cmdline);
+   "command not permitted for %s: %s", mypw->pw_name, cmdline);
errc(1, EPERM, NULL);
}

doas: improve error message

2020-10-08 Thread Klemens Nanni 
In case `cmd' and `args' in doas.conf(5) do not match, the generated
log message is unclear and might be read as if the command executed but
failed, i.e. returned non-zero:

# cat /etc/doas.conf
permit nopass kn cmd echo args foo
$ doas echo foo
foo
$ doas echo bar
doas: Operation not permitted

The corresponding syslog(3) messages from /var/log/secure:

Oct  9 01:05:14 eru doas: kn ran command echo foo as root from /home/kn
Oct  9 01:05:20 eru doas: failed command for kn: echo bar

The following reads unambiguous and better matches the EPERM wording:

Oct  9 01:05:20 eru doas: command not permitted for kn: echo bar


Feedback? OK?


Index: doas.c
===
RCS file: /cvs/src/usr.bin/doas/doas.c,v
retrieving revision 1.82
diff -u -p -r1.82 doas.c
--- doas.c  18 Oct 2019 17:15:45 -  1.82
+++ doas.c  8 Oct 2020 22:59:45 -
@@ -396,7 +396,7 @@ main(int argc, char **argv)
if (!permit(uid, groups, ngroups, &rule, target, cmd,
(const char **)argv + 1)) {
syslog(LOG_AUTHPRIV | LOG_NOTICE,
-   "failed command for %s: %s", mypw->pw_name, cmdline);
+   "command not permitted for %s: %s", mypw->pw_name, cmdline);
errc(1, EPERM, NULL);
}