Hi,

possibly there is only some missing enlightenment for me.

How would you prevent that something like 'doas vi /etc/fstab' (which will run as root) doesn't offer the user to enter a root shell within vi (by typing '.sh')?

You may direct me to appropriate man pages.

Thank you!

Kind regards
Felix

On 28.02.2018 19:32, Michael Price wrote:
Perhaps I am just dense, but what problem does sudoedit solve that is not
easily solved with groups and chmod?

Michael

On Wed, Feb 28, 2018 at 12:57 PM Felix Maschek <fe...@maschek.com> wrote:

Hi,

to prevent privilege escalation by allowing 'sudo vi' (simple by
invoking a shell from within vi) there is a special command 'sudoedit'.
So far I can see this is missing currently if I use doas instead of
sudo.

So adding a similar command is more helpful to secure a system than
special editors for every config file.

Kind regards
Felix

On 28.02.2018 18:22, Frans Haarman wrote:
> I've wondered about the usefulness of something like 'rcctl edit
> bgpd'and a
> bgpd_conf=/etc/bgpd.conf in rc.conf.
>
> Together with a 'rcctl clone' creating rc.d/bgpd symlink and
> rc.conf.local
> flags.
>
> Might make it easier running multiple of the same daemons?
>
> Add more cool stuff later like 'rcctl edit bgpd commit' and 'rcctl edit
> bgpd confirm'.
>
> Just wondering out loud now :)
>
> Regards,
> Frans
>
> Op woensdag 28 februari 2018 heeft Theo de Raadt <dera...@openbsd.org>
> het
> volgende geschreven:
>> Yeah.
>>
>> And I suppose we also need seperate programs for all the other files
>> in /etc?
>>
>> Such as visysctl.conf, vivm.conf, vigroup, vishells, virc.conf.local,
>> visshd, vissh, etc
>>
>> After all, someone could create unsafe configurations, and lots of
> handholding
>> is needed everywhere, yes?
>>
>> I'm sorry, but I disagree.  The tooling already exists to let you do
>> this carefully.  It is up to people to use their brains. And your
>> script doesn't have any locking, so it is still error prone.
>>
>> I really don't see the point of these wrappers.
>>
>>> The following is a shell script to safely edit /etc/doas.conf so that
>>> you
> avoid locking yourself out with a bad config. I managed to do this
> myself,
> so thought it might be useful to a wider audience.
>>>
>>> It is inspired by the 'visudo' tool: it copies doas.conf to a
>>> temporary
> directory then opens it in vi. When you exit vi it checks the format of
> the
> config file, and if it passes then it will overwrite the original one
> then
> delete the copy. If it fails a warning is shown, and the file is
> re-opened
> for editing.
>>>
>>> It will not create /etc/doas.conf if it does not already exist (I
>>> could
> add a separate warning for this if needed).
>>>
>>> diff -u /dev/null usr.bin/doas/vidoas
>>> --- /dev/null2018-02-22 08:14:04.607259461 +0000
>>> +++ usr.bin/doas/vidoas2018-02-28 15:50:35.358895700 +0000
>>> @@ -0,0 +1,36 @@
>>> +#!/bin/sh
>>> +
>>> +# $OpenBSD$
>>> +#
>>> +# Copyright (c) 2018 Anthony Perkins <anth...@acperkins.com>
>>> +#
>>> +# Permission to use, copy, modify, and distribute this software for
>>> any
>>> +# purpose with or without fee is hereby granted, provided that the
>>> above
>>> +# copyright notice and this permission notice appear in all copies.
>>> +#
>>> +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
> WARRANTIES
>>> +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
>>> +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE
>>> LIABLE FOR
>>> +# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY
>>> DAMAGES
>>> +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
>>> AN
>>> +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
>>> OUT OF
>>> +# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
>>> +
>>> +doasconf=/etc/doas.conf
>>> +tempfile=$(mktemp -t doas.XXXXXXXX || exit 1)
>>> +if [ -w $doasconf ]; then
>>> +cp $doasconf $tempfile
>>> +vi $tempfile
>>> +while ! doas -C $tempfile; do
>>> +echo "Press Enter to retry, Ctrl-C to abort."
>>> +read
>>> +vi $tempfile
>>> +done
>>> +if doas -C $tempfile; then
>>> +cp -f $tempfile $doasconf
>>> +rm -f $tempfile
>>> +fi
>>> +else
>>> +echo "$doasconf is not writable by this user."
>>> +exit 1
>>> +fi
>>> diff -u /dev/null usr.bin/doas/vidoas.1
>>> --- /dev/null2018-02-22 08:14:04.607259461 +0000
>>> +++ usr.bin/doas/vidoas.12018-02-28 15:31:20.825930370 +0000
>>> @@ -0,0 +1,44 @@
>>> +.\" $OpenBSD$
>>> +.\"
>>> +.\"Copyright (c) 2018 Anthony Perkins <anth...@acperkins.com>
>>> +.\"
>>> +.\"Permission to use, copy, modify, and distribute this software for
>>> any
>>> +.\"purpose with or without fee is hereby granted, provided that the
>>> above
>>> +.\"copyright notice and this permission notice appear in all copies.
>>> +.\"
>>> +.\"THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
> WARRANTIES
>>> +.\"WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
>>> +.\"MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE
>>> LIABLE
> FOR
>>> +.\"ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY
>>> DAMAGES
>>> +.\"WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER
>>> IN AN
>>> +.\"ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
>>> OUT
> OF
>>> +.\"OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
>>> +.Dd $Mdocdate: February 28 2018 $
>>> +.Dt VIDOAS 1
>>> +.Os
>>> +.Sh NAME
>>> +.Nm vidoas
>>> +.Nd safely edit the doas config file
>>> +.Sh SYNOPSIS
>>> +.Nm vidoas
>>> +.Sh DESCRIPTION
>>> +The
>>> +.Nm
>>> +utility edits a copy of
>>> +.Pa /etc/doas.conf .
>>> +If the copy is valid the original file will be replaced.
>>> +.Pp
>>> +This helps to prevent you from accidentally
>>> +locking yourself out from
>>> +.Xr doas 1
>>> +with a typo.
>>> +It is inspired by the
>>> +.Xr visudo 1
>>> +utility.
>>> +.Pp
>>> +This utility takes no arguments.
>>> +.Sh SEE ALSO
>>> +.Xr doas 1 ,
>>> +.Xr doas.conf 5
>>> +.Sh AUTHORS
>>> +.An Anthony Perkins <anth...@acperkins.com>
>>>
>>> This is only my second ever submission, so I would appreciate any
> guidance. I've also not yet edited the Makefile to include this in the
> build.
>>>
>>> All the best,
>>>
>>> Anthony
>>>
>>> --
>>> Anthony Perkins
>>> Email: anth...@acperkins.com<mailto:anth...@acperkins.com>
>>> OpenPGP: https://acperkins.com/openpgp
>>>
>>>
>>
>>



Reply via email to