Perhaps I am just dense, but what problem does sudoedit solve that is not
easily solved with groups and chmod?

Michael

On Wed, Feb 28, 2018 at 12:57 PM Felix Maschek <fe...@maschek.com> wrote:

> Hi,
>
> to prevent privilege escalation by allowing 'sudo vi' (simple by
> invoking a shell from within vi) there is a special command 'sudoedit'.
> So far I can see this is missing currently if I use doas instead of
> sudo.
>
> So adding a similar command is more helpful to secure a system than
> special editors for every config file.
>
> Kind regards
> Felix
>
> On 28.02.2018 18:22, Frans Haarman wrote:
> > I've wondered about the usefulness of something like 'rcctl edit
> > bgpd'and a
> > bgpd_conf=/etc/bgpd.conf in rc.conf.
> >
> > Together with a 'rcctl clone' creating rc.d/bgpd symlink and
> > rc.conf.local
> > flags.
> >
> > Might make it easier running multiple of the same daemons?
> >
> > Add more cool stuff later like 'rcctl edit bgpd commit' and 'rcctl edit
> > bgpd confirm'.
> >
> > Just wondering out loud now :)
> >
> > Regards,
> > Frans
> >
> > Op woensdag 28 februari 2018 heeft Theo de Raadt <dera...@openbsd.org>
> > het
> > volgende geschreven:
> >> Yeah.
> >>
> >> And I suppose we also need seperate programs for all the other files
> >> in /etc?
> >>
> >> Such as visysctl.conf, vivm.conf, vigroup, vishells, virc.conf.local,
> >> visshd, vissh, etc
> >>
> >> After all, someone could create unsafe configurations, and lots of
> > handholding
> >> is needed everywhere, yes?
> >>
> >> I'm sorry, but I disagree.  The tooling already exists to let you do
> >> this carefully.  It is up to people to use their brains. And your
> >> script doesn't have any locking, so it is still error prone.
> >>
> >> I really don't see the point of these wrappers.
> >>
> >>> The following is a shell script to safely edit /etc/doas.conf so that
> >>> you
> > avoid locking yourself out with a bad config. I managed to do this
> > myself,
> > so thought it might be useful to a wider audience.
> >>>
> >>> It is inspired by the 'visudo' tool: it copies doas.conf to a
> >>> temporary
> > directory then opens it in vi. When you exit vi it checks the format of
> > the
> > config file, and if it passes then it will overwrite the original one
> > then
> > delete the copy. If it fails a warning is shown, and the file is
> > re-opened
> > for editing.
> >>>
> >>> It will not create /etc/doas.conf if it does not already exist (I
> >>> could
> > add a separate warning for this if needed).
> >>>
> >>> diff -u /dev/null usr.bin/doas/vidoas
> >>> --- /dev/null2018-02-22 08:14:04.607259461 +0000
> >>> +++ usr.bin/doas/vidoas2018-02-28 15:50:35.358895700 +0000
> >>> @@ -0,0 +1,36 @@
> >>> +#!/bin/sh
> >>> +
> >>> +# $OpenBSD$
> >>> +#
> >>> +# Copyright (c) 2018 Anthony Perkins <anth...@acperkins.com>
> >>> +#
> >>> +# Permission to use, copy, modify, and distribute this software for
> >>> any
> >>> +# purpose with or without fee is hereby granted, provided that the
> >>> above
> >>> +# copyright notice and this permission notice appear in all copies.
> >>> +#
> >>> +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
> > WARRANTIES
> >>> +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
> >>> +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE
> >>> LIABLE FOR
> >>> +# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY
> >>> DAMAGES
> >>> +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
> >>> AN
> >>> +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
> >>> OUT OF
> >>> +# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
> >>> +
> >>> +doasconf=/etc/doas.conf
> >>> +tempfile=$(mktemp -t doas.XXXXXXXX || exit 1)
> >>> +if [ -w $doasconf ]; then
> >>> +cp $doasconf $tempfile
> >>> +vi $tempfile
> >>> +while ! doas -C $tempfile; do
> >>> +echo "Press Enter to retry, Ctrl-C to abort."
> >>> +read
> >>> +vi $tempfile
> >>> +done
> >>> +if doas -C $tempfile; then
> >>> +cp -f $tempfile $doasconf
> >>> +rm -f $tempfile
> >>> +fi
> >>> +else
> >>> +echo "$doasconf is not writable by this user."
> >>> +exit 1
> >>> +fi
> >>> diff -u /dev/null usr.bin/doas/vidoas.1
> >>> --- /dev/null2018-02-22 08:14:04.607259461 +0000
> >>> +++ usr.bin/doas/vidoas.12018-02-28 15:31:20.825930370 +0000
> >>> @@ -0,0 +1,44 @@
> >>> +.\" $OpenBSD$
> >>> +.\"
> >>> +.\"Copyright (c) 2018 Anthony Perkins <anth...@acperkins.com>
> >>> +.\"
> >>> +.\"Permission to use, copy, modify, and distribute this software for
> >>> any
> >>> +.\"purpose with or without fee is hereby granted, provided that the
> >>> above
> >>> +.\"copyright notice and this permission notice appear in all copies.
> >>> +.\"
> >>> +.\"THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
> > WARRANTIES
> >>> +.\"WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
> >>> +.\"MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE
> >>> LIABLE
> > FOR
> >>> +.\"ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY
> >>> DAMAGES
> >>> +.\"WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER
> >>> IN AN
> >>> +.\"ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
> >>> OUT
> > OF
> >>> +.\"OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
> >>> +.Dd $Mdocdate: February 28 2018 $
> >>> +.Dt VIDOAS 1
> >>> +.Os
> >>> +.Sh NAME
> >>> +.Nm vidoas
> >>> +.Nd safely edit the doas config file
> >>> +.Sh SYNOPSIS
> >>> +.Nm vidoas
> >>> +.Sh DESCRIPTION
> >>> +The
> >>> +.Nm
> >>> +utility edits a copy of
> >>> +.Pa /etc/doas.conf .
> >>> +If the copy is valid the original file will be replaced.
> >>> +.Pp
> >>> +This helps to prevent you from accidentally
> >>> +locking yourself out from
> >>> +.Xr doas 1
> >>> +with a typo.
> >>> +It is inspired by the
> >>> +.Xr visudo 1
> >>> +utility.
> >>> +.Pp
> >>> +This utility takes no arguments.
> >>> +.Sh SEE ALSO
> >>> +.Xr doas 1 ,
> >>> +.Xr doas.conf 5
> >>> +.Sh AUTHORS
> >>> +.An Anthony Perkins <anth...@acperkins.com>
> >>>
> >>> This is only my second ever submission, so I would appreciate any
> > guidance. I've also not yet edited the Makefile to include this in the
> > build.
> >>>
> >>> All the best,
> >>>
> >>> Anthony
> >>>
> >>> --
> >>> Anthony Perkins
> >>> Email: anth...@acperkins.com<mailto:anth...@acperkins.com>
> >>> OpenPGP: https://acperkins.com/openpgp
> >>>
> >>>
> >>
> >>
>
>

Reply via email to