# OpenDoas: a portable version of OpenBSD's `doas` command
-
-
-Apologies to [Randall Monroe](http://www.xkcd.org/149/). This work is
-licensed under a [Creative Commons Attribution-NonCommercial 2.5 License](http://creativecommons.org/licenses/by-nc/2.5/).
-
`doas` is a minimal replacement for the venerable `sudo`. It was
initially [written by Ted Unangst](http://www.tedunangst.com/flak/post/doas)
of the OpenBSD project to provide 95% of the features of `sudo` with a
fraction of the codebase.
-This is still a work in progress! Please do not deploy yet in a critical
-environment! Of note, `doas` semantics may yet change, and I haven't
-performed even a trivial security audit of my additions.
-
-## Building and installing
+## Building and installation discouragements
-Building `doas` should be just a simple `make` away.
+There are a few steps you have to carefully consider before building and installing
+opendoas:
-The included makefile also has an installation target. Installation
-requires root access to properly set the executable permissions. You'll
-also need to install a `doas.conf` file:
-
-```
-make && sudo make install
-echo "permit :admin" | sudo tee /etc/doas.conf
-```
-
-Oh the irony, using `sudo` to install `doas`!
+* There are less eyes on random doas ports, just because sudo had a vulnerability
+ does not mean random doas ports are more secure if they are not reviewed
+ or pam is configured incorrectly.
+* If you want to use pam; You have to [configure pam](#pam-configuration)
+ and failing to do so correctly might leave a big open door.
+* Use the configure script to configure the opendoas.
+* Use the default make target to build the software.
+* If you really want to install a setuid binary that depends on
+ pam being correctly configured, use the make install target
+ to install the software.
## About the port
+This is not an official port/project from OpenBSD!
+
As much as possible I've attempted to stick to `doas` as tedu desired
it. As things stand it's essentially just code lifted from OpenBSD with
-PAM based authentication glommed on to it.
+PAM or shadow based authentication glommed on to it.
-I've used cvsync and git-cvsimport to retain the history of the core
-source files. I may choose to go back and do the same with some of the
-compatibility functions (such as reallocarray.c).
+Compatibility functions in libopenbsd come from openbsd directly
+(`strtonum.c`, `reallocarray.c`, `strlcpy.c`, `strlcat.c`),
+from openssh (`readpassphrase.c`) or from sudo (`closefrom.c`).
-I have found it necessary to make some fixes to the codebase. One was
-a segfault due to differences in yacc/bison, others were just minor
-fixes to warnings. Once this appears stable, I may try to upstream some
-of these.
+The PAM and shadow authentication code does not come from the OpenBSD project.
-Currently, this is only tested on MacOSX 10.10 with Clang. My next goal
-is support for Fedora Linux as well. Contributions gladly accepted. ;-)
+### pam configuration
-## Copyright
+I will not ship pam configuration files, they are distribution specific and
+its simply not safe or productive to ship and install those files.
-All code from OpenBSD is licensed under the BSD license, please see
-individual files for details as the specific text varies from file to
+If you want to use opendoas on your system and there is no package that
+ships with a working pam configuration file, then you have to write and
+test it yourself.
+
+A good starting point is probably the distribution maintained `/etc/pam.d/sudo`
file.
-All code I've written is licensed with the 2-clause BSD.
+### Perist/Timestamp/Timeout
+
+The persist feature is disabled by default and can be enabled with the configure
+flag `--with-timestamp`.
+
+This feature is new and potentially dangerous, in the original doas, a kernel API
+is used to set and clear timeouts. This API is openbsd specific and no similar API
+is available on other operating systems.
+
+As a workaround, the persist feature is implemented using timestamp files
+similar to sudo.
+
+See the comment block in `timestamp.c` for an in-depth description on how
+timestamps are created and checked to be as safe as possible.
projects / opendoas.git / blobdiff