The persist feature in doas (actually the kernel side implementation) has some
additional checks. The idea was to prevent accidental usage, but in practice
it seems this is making life more difficult than necessary. It's cost without
benefit. This diff relaxes the session checks so it should be possible to use
doas in ports building, etc.
Index: tty_tty.c
===================================================================
RCS file: /cvs/src/sys/kern/tty_tty.c,v
retrieving revision 1.24
diff -u -p -r1.24 tty_tty.c
--- tty_tty.c 2 May 2018 02:24:56 -0000 1.24
+++ tty_tty.c 23 Jan 2019 02:45:08 -0000
@@ -128,17 +128,12 @@ cttyioctl(dev_t dev, u_long cmd, caddr_t
return 0;
case TIOCCHKVERAUTH:
/*
- * It's not clear when or what these checks are for.
- * How can we reach this code with a differnt ruid?
- * The ppid check is also more porous than desired.
- * Nevertheless, the checks reflect the original intention;
- * namely, that it be the same user using the same shell.
+ * Check that we are the same user that set verauth.
*/
sess = p->p_p->ps_pgrp->pg_session;
- if (sess->s_verauthuid == p->p_ucred->cr_ruid &&
- sess->s_verauthppid == p->p_p->ps_pptr->ps_pid)
- return 0;
- return EPERM;
+ if (sess->s_verauthuid != p->p_ucred->cr_ruid)
+ return EPERM;
+ return 0;
}
return (VOP_IOCTL(ttyvp, cmd, addr, flag, NOCRED, p));
}
