Perhaps I am just dense, but what problem does sudoedit solve that is not easily solved with groups and chmod?
Michael

On Wed, Feb 28, 2018 at 12:57 PM Felix Maschek <[email protected]> wrote:
> Hi,
>
> to prevent privilege escalation by allowing 'sudo vi' (simply by
> invoking a shell from within vi) there is a special command 'sudoedit'.
> So far I can see this is missing currently if I use doas instead of
> sudo.
>
> So adding a similar command is more helpful to secure a system than
> special editors for every config file.
>
> Kind regards
> Felix
>
> On 28.02.2018 18:22, Frans Haarman wrote:
> > I've wondered about the usefulness of something like 'rcctl edit bgpd'
> > and a bgpd_conf=/etc/bgpd.conf in rc.conf.
> >
> > Together with a 'rcctl clone' creating rc.d/bgpd symlink and
> > rc.conf.local flags.
> >
> > Might make it easier running multiple of the same daemons?
> >
> > Add more cool stuff later like 'rcctl edit bgpd commit' and
> > 'rcctl edit bgpd confirm'.
> >
> > Just wondering out loud now :)
> >
> > Regards,
> > Frans
> >
> > On Wednesday 28 February 2018, Theo de Raadt <[email protected]> wrote
> > the following:
> >> Yeah.
> >>
> >> And I suppose we also need separate programs for all the other files
> >> in /etc?
> >>
> >> Such as visysctl.conf, vivm.conf, vigroup, vishells, virc.conf.local,
> >> visshd, vissh, etc
> >>
> >> After all, someone could create unsafe configurations, and lots of
> >> handholding is needed everywhere, yes?
> >>
> >> I'm sorry, but I disagree. The tooling already exists to let you do
> >> this carefully. It is up to people to use their brains. And your
> >> script doesn't have any locking, so it is still error prone.
> >>
> >> I really don't see the point of these wrappers.
> >>
> >>> The following is a shell script to safely edit /etc/doas.conf so that
> >>> you avoid locking yourself out with a bad config. I managed to do this
> >>> myself, so thought it might be useful to a wider audience.
> >>> > >>> It is inspired by the 'visudo' tool: it copies doas.conf to a > >>> temporary > > directory then opens it in vi. When you exit vi it checks the format of > > the > > config file, and if it passes then it will overwrite the original one > > then > > delete the copy. If it fails a warning is shown, and the file is > > re-opened > > for editing. > >>> > >>> It will not create /etc/doas.conf if it does not already exist (I > >>> could > > add a separate warning for this if needed). > >>> > >>> diff -u /dev/null usr.bin/doas/vidoas > >>> --- /dev/null2018-02-22 08:14:04.607259461 +0000 > >>> +++ usr.bin/doas/vidoas2018-02-28 15:50:35.358895700 +0000 
> >>> @@ -0,0 +1,36 @@ > >>> +#!/bin/sh > >>> + > >>> +# $OpenBSD$ > >>> +# > >>> +# Copyright (c) 2018 Anthony Perkins <[email protected]> > >>> +# > >>> +# Permission to use, copy, modify, and distribute this software for > >>> any > >>> +# purpose with or without fee is hereby granted, provided that the > >>> above > >>> +# copyright notice and this permission notice appear in all copies. > >>> +# > >>> +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL > > WARRANTIES > >>> +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF > >>> +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE > >>> LIABLE FOR > >>> +# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY > >>> DAMAGES > >>> +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN > >>> AN > >>> +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING > >>> OUT OF > >>> +# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. > >>> + > >>> +doasconf=/etc/doas.conf > >>> +tempfile=$(mktemp -t doas.XXXXXXXX || exit 1) > >>> +if [ -w $doasconf ]; then > >>> +cp $doasconf $tempfile > >>> +vi $tempfile > >>> +while ! doas -C $tempfile; do > >>> +echo "Press Enter to retry, Ctrl-C to abort." > >>> +read > >>> +vi $tempfile > >>> +done > >>> +if doas -C $tempfile; then > >>> +cp -f $tempfile $doasconf > >>> +rm -f $tempfile > >>> +fi > >>> +else > >>> +echo "$doasconf is not writable by this user." > >>> +exit 1 > >>> +fi > >>> diff -u /dev/null usr.bin/doas/vidoas.1 > >>> --- /dev/null2018-02-22 08:14:04.607259461 +0000 > >>> +++ usr.bin/doas/vidoas.12018-02-28 15:31:20.825930370 +0000 
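Review bot: the `|| exit 1` on the mktemp line of vidoas never aborts the script, because it sits inside the `$(...)` command substitution and only exits that subshell; when mktemp fails, `tempfile` is empty and the script carries on with `cp $doasconf` into an empty name. It should read `tempfile=$(mktemp -t doas.XXXXXXXX) || exit 1`. On the same hunk: nothing removes the temp copy when the user answers the "Press Enter to retry, Ctrl-C to abort." prompt with Ctrl-C, so a copy of doas.conf is left in /tmp (a `trap 'rm -f "$tempfile"' EXIT` near the top covers every exit path); `cp -f $tempfile $doasconf` truncates and rewrites /etc/doas.conf in place, so an interruption mid-copy leaves a truncated config, and, as Theo points out, two concurrent runs race with each other, so writing a sibling file under /etc and renaming it over the original with mv(1) would make the replace atomic and give you an obvious place to lock; the `if doas -C $tempfile` after the `while` loop is redundant, since the loop only ends once that same check has passed; `doas -C` is a syntax check only, so an empty file passes and is installed even though it locks everyone out; and hardcoding `vi` instead of `${EDITOR:-vi}` departs from the visudo behaviour the script cites as its model.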
> >>> @@ -0,0 +1,44 @@ > >>> +.\" $OpenBSD$ > >>> +.\" > >>> +.\"Copyright (c) 2018 Anthony Perkins <[email protected]> > >>> +.\" > >>> +.\"Permission to use, copy, modify, and distribute this software for > >>> any > >>> +.\"purpose with or without fee is hereby granted, provided that the > >>> above > >>> +.\"copyright notice and this permission notice appear in all copies. > >>> +.\" > >>> +.\"THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL > > WARRANTIES > >>> +.\"WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF > >>> +.\"MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE > >>> LIABLE > > FOR > >>> +.\"ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY > >>> DAMAGES > >>> +.\"WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER > >>> IN AN > >>> +.\"ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING > >>> OUT > > OF > >>> +.\"OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. > >>> +.Dd $Mdocdate: February 28 2018 $ > >>> +.Dt VIDOAS 1 > >>> +.Os > >>> +.Sh NAME > >>> +.Nm vidoas > >>> +.Nd safely edit the doas config file > >>> +.Sh SYNOPSIS > >>> +.Nm vidoas > >>> +.Sh DESCRIPTION > >>> +The > >>> +.Nm > >>> +utility edits a copy of > >>> +.Pa /etc/doas.conf . > >>> +If the copy is valid the original file will be replaced. > >>> +.Pp > >>> +This helps to prevent you from accidentally > >>> +locking yourself out from > >>> +.Xr doas 1 > >>> +with a typo. > >>> +It is inspired by the > >>> +.Xr visudo 1 > >>> +utility. > >>> +.Pp > >>> +This utility takes no arguments. > >>> +.Sh SEE ALSO > >>> +.Xr doas 1 , > >>> +.Xr doas.conf 5 > >>> +.Sh AUTHORS > >>> +.An Anthony Perkins <[email protected]> > >>> > >>> This is only my second ever submission, so I would appreciate any > > guidance. I've also not yet edited the Makefile to include this in the > > build. 
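Review bot: the DESCRIPTION in vidoas.1 leaves out two constraints the script imposes: it has to be run as root (otherwise it exits with "$doasconf is not writable by this user."), and the only check performed is `doas -C`, i.e. a syntax check, so a file that parses but no longer matches the editing user's rules is installed all the same; both belong in DESCRIPTION or in a CAVEATS section. `.Xr visudo 1` also cross-references a manual page that is not in the OpenBSD base system, so visudo should be named in plain text rather than with `.Xr`, "This utility takes no arguments." merely repeats what the SYNOPSIS already shows, and a FILES section listing /etc/doas.conf plus an EXIT STATUS section (the script exits 1 on an unwritable file) would complete the page.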
> >>>
> >>> All the best,
> >>>
> >>> Anthony
> >>>
> >>> --
> >>> Anthony Perkins
> >>> Email: [email protected]
> >>> OpenPGP: https://acperkins.com/openpgp
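The validate-then-replace loop that the vidoas script implements, as an added example that is not part of the thread or of the submitted patch, generalised so that the validator is a parameter (`doas -C` on OpenBSD) and with the locking, cleanup and atomic-replace points from the review folded in. The `safe_edit` name, the `.lock` directory and `.new` suffix conventions and the non-empty-file guard are this example's own choices, not anything from doas or the patch.

```shell
#!/bin/sh
# Added example, not the vidoas patch from the thread: validate-before-replace
# editing of a privileged config file, with the validator as a parameter.
# On OpenBSD the intended call, from a root shell, is
#     safe_edit /etc/doas.conf doas -C
# Assumes only POSIX sh plus mktemp(1), mkdir(1), cp(1) and mv(1).
#
# Hardening compared with the posted script:
#   - a mktemp failure really aborts (the `||` is outside the $(...) subshell)
#   - a lock directory refuses a concurrent edit instead of racing with it
#   - the working copy and the lock go away on every exit path, Ctrl-C included
#   - the replacement is written beside the target and renamed into place with
#     mv(1), which is atomic within one filesystem, so a crash cannot leave a
#     truncated config behind
#   - the original's mode and owner are kept by cloning it with `cp -p`
#   - an empty result is refused: `doas -C` accepts an empty file, and an empty
#     doas.conf denies everyone
#   - the editor is ${EDITOR:-vi}, as visudo does

# Remove the working files and the lock, and drop the traps that would do so.
_safe_edit_cleanup() {
    rm -f "$tmp" "$new"
    rmdir "$lock" 2>/dev/null || :
    trap - EXIT INT HUP TERM
}

# safe_edit TARGET VALIDATOR [ARGS...]
#   Copies TARGET, edits the copy with $EDITOR, runs "VALIDATOR ARGS... copy"
#   and re-edits until the validator accepts a non-empty copy. Enter at the
#   prompt re-edits; any other answer, or EOF on stdin, abandons the edit.
#   Returns 0 when TARGET was replaced, 1 when the edit could not start
#   (bad arguments, unwritable target, lock held, mktemp failed) and 2 when
#   it was abandoned. TARGET is untouched unless 0 is returned.
safe_edit() {
    if [ $# -lt 2 ]; then
        echo "usage: safe_edit target validator [args...]" >&2
        return 1
    fi
    target=$1
    shift
    if [ ! -w "$target" ]; then
        echo "$target is not writable by this user." >&2
        return 1
    fi
    # mkdir is atomic on every filesystem, so it doubles as a cheap lock.
    lock="$target.lock"
    if ! mkdir "$lock" 2>/dev/null; then
        echo "$target is already being edited ($lock exists)." >&2
        return 1
    fi
    # The working copy lives beside the target so the final mv is a rename.
    tmp=$(mktemp "$target.XXXXXXXX") || { rmdir "$lock"; return 1; }
    new="$tmp.new"
    trap '_safe_edit_cleanup; exit 1' INT HUP TERM
    trap '_safe_edit_cleanup' EXIT
    if ! cp "$target" "$tmp"; then
        _safe_edit_cleanup
        return 1
    fi
    while :; do
        if ! ${EDITOR:-vi} "$tmp"; then
            echo "editor exited with an error; $target left unchanged." >&2
            _safe_edit_cleanup
            return 2
        fi
        if [ -s "$tmp" ] && "$@" "$tmp"; then
            break
        fi
        echo "$tmp was rejected. Enter to re-edit, anything else to abandon:" >&2
        if ! read -r answer || [ -n "$answer" ]; then
            _safe_edit_cleanup
            return 2
        fi
    done
    # Clone the target (cp -p keeps mode and owner), fill the clone with the
    # validated text and rename it over the original in one step.
    if cp -p "$target" "$new" && cat "$tmp" >"$new" && mv -f "$new" "$target"; then
        _safe_edit_cleanup
        return 0
    fi
    echo "could not replace $target; it is unchanged." >&2
    _safe_edit_cleanup
    return 1
}
```

Two things this does not do. A lock directory left behind by a hard crash has to be removed by hand (`rmdir /etc/doas.conf.lock`), which is the price of a lock that needs no daemon. And the editor still runs as root, so vi's `:!sh` still hands out a root shell; that is the gap Felix's message is about, and closing it means running the editor as the unprivileged user on a copy and doing only the validate-and-copy-back step as root, which this wrapper, like the original script, does not attempt.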
