Perhaps I am just dense, but what problem does sudoedit solve that is not
easily solved with groups and chmod?
Michael
On Wed, Feb 28, 2018 at 12:57 PM Felix Maschek wrote:
> Hi,
>
> to prevent privilege escalation by allowing 'sudo vi' (simple by
> invoking a shell from within vi) there is a special command 'sudoedit'.
> So far I can see this is missing currently if I use doas instead of
> sudo.
>
> So adding a similar command is more helpful to secure a system than
> special editors for every config file.
>
> Kind regards
> Felix
>
> On 28.02.2018 18:22, Frans Haarman wrote:
> > I've wondered about the usefulness of something like 'rcctl edit
> > bgpd'and a
> > bgpd_conf=/etc/bgpd.conf in rc.conf.
> >
> > Together with a 'rcctl clone' creating rc.d/bgpd symlink and
> > rc.conf.local
> > flags.
> >
> > Might make it easier running multiple of the same daemons?
> >
> > Add more cool stuff later like 'rcctl edit bgpd commit' and 'rcctl edit
> > bgpd confirm'.
> >
> > Just wondering out loud now :)
> >
> > Regards,
> > Frans
> >
> > Op woensdag 28 februari 2018 heeft Theo de Raadt
> > het
> > volgende geschreven:
> >> Yeah.
> >>
> >> And I suppose we also need seperate programs for all the other files
> >> in /etc?
> >>
> >> Such as visysctl.conf, vivm.conf, vigroup, vishells, virc.conf.local,
> >> visshd, vissh, etc
> >>
> >> After all, someone could create unsafe configurations, and lots of
> > handholding
> >> is needed everywhere, yes?
> >>
> >> I'm sorry, but I disagree. The tooling already exists to let you do
> >> this carefully. It is up to people to use their brains. And your
> >> script doesn't have any locking, so it is still error prone.
> >>
> >> I really don't see the point of these wrappers.
> >>
> >>> The following is a shell script to safely edit /etc/doas.conf so that
> >>> you
> > avoid locking yourself out with a bad config. I managed to do this
> > myself,
> > so thought it might be useful to a wider audience.
> >>>
> >>> It is inspired by the 'visudo' tool: it copies doas.conf to a
> >>> temporary
> > directory then opens it in vi. When you exit vi it checks the format of
> > the
> > config file, and if it passes then it will overwrite the original one
> > then
> > delete the copy. If it fails a warning is shown, and the file is
> > re-opened
> > for editing.
> >>>
> >>> It will not create /etc/doas.conf if it does not already exist (I
> >>> could
> > add a separate warning for this if needed).
> >>>
> >>> diff -u /dev/null usr.bin/doas/vidoas
> >>> --- /dev/null2018-02-22 08:14:04.607259461 +
> >>> +++ usr.bin/doas/vidoas2018-02-28 15:50:35.358895700 +
> >>> @@ -0,0 +1,36 @@
> >>> +#!/bin/sh
> >>> +
> >>> +# $OpenBSD$
> >>> +#
> >>> +# Copyright (c) 2018 Anthony Perkins
> >>> +#
> >>> +# Permission to use, copy, modify, and distribute this software for
> >>> any
> >>> +# purpose with or without fee is hereby granted, provided that the
> >>> above
> >>> +# copyright notice and this permission notice appear in all copies.
> >>> +#
> >>> +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
> > WARRANTIES
> >>> +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
> >>> +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE
> >>> LIABLE FOR
> >>> +# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY
> >>> DAMAGES
> >>> +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
> >>> AN
> >>> +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
> >>> OUT OF
> >>> +# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
> >>> +
> >>> +doasconf=/etc/doas.conf
> >>> +tempfile=$(mktemp -t doas. || exit 1)
> >>> +if [ -w $doasconf ]; then
> >>> +cp $doasconf $tempfile
> >>> +vi $tempfile
> >>> +while ! doas -C $tempfile; do
> >>> +echo "Press Enter to retry, Ctrl-C to abort."
> >>> +read
> >>> +vi $tempfile
> >>> +done
> >>> +if doas -C $tempfile; then
> >>> +cp -f $tempfile $doasconf
> >>> +rm -f $tempfile
> >>> +fi
> >>> +else
> >>> +echo "$doasconf is not writable by this user."
> >>> +exit 1
> >>> +fi
> >>> diff -u /dev/null usr.bin/doas/vidoas.1
> >>> --- /dev/null2018-02-22 08:14:04.607259461 +
> >>> +++ usr.bin/doas/vidoas.12018-02-28 15:31:20.825930370 +
> >>> @@ -0,0 +1,44 @@
> >>> +.\" $OpenBSD$
> >>> +.\"
> >>> +.\"Copyright (c) 2018 Anthony Perkins
> >>> +.\"
> >>> +.\"Permission to use, copy, modify, and distribute this software for
> >>> any
> >>> +.\"purpose with or without fee is hereby granted, provided that the
> >>> above
> >>> +.\"copyright notice and this permission notice appear in all copies.
> >>> +.\"
> >>> +.\"THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
> > WARRANTIES
> >>> +.\"WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
> >>> +.\"MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE
> >>> LIABLE
> > FOR
> >>> +.\"ANY SPECIAL,