Ask for a password when we're going to fail() anyway, to avoid
leaking information about available commands. The sudo(8) behaves
the same way, FWIW.

okay?

--
WBR,
  Vadim Zhukov


Index: doas.c
===================================================================
RCS file: /cvs/src/usr.bin/doas/doas.c,v
retrieving revision 1.2
diff -u -p -r1.2 doas.c
--- doas.c      16 Jul 2015 21:00:59 -0000      1.2
+++ doas.c      16 Jul 2015 22:05:44 -0000
@@ -249,7 +249,7 @@ main(int argc, char **argv, char **envp)
        char myname[32];
        uid_t uid, target = 0;
        gid_t groups[NGROUPS_MAX + 1];
-       int ngroups;
+       int ngroups, permitted;
        struct passwd *pw;
        struct rule *rule;
        const char *cmd;
@@ -292,17 +292,17 @@ main(int argc, char **argv, char **envp)
                err(1, "can't get groups");
        groups[ngroups++] = getgid();
 
-       if (!permit(uid, groups, ngroups, &rule, target, cmd)) {
+       permitted = permit(uid, groups, ngroups, &rule, target, cmd);
+       if (!permitted)
                syslog(LOG_AUTHPRIV | LOG_NOTICE, "failed command for %s: %s", 
myname, cmdline);
-               fail();
-       }
-
-       if (!(rule->options & NOPASS)) {
+       if (!permitted || !(rule->options & NOPASS)) {
                if (!auth_userokay(myname, NULL, NULL, NULL)) {
                        syslog(LOG_AUTHPRIV | LOG_NOTICE, "failed password for 
%s", myname);
                        fail();
                }
        }
+       if (!permitted)
+               fail();
        envp = copyenv((const char **)envp, rule);
 
        pw = getpwuid(target);

Reply via email to