Duncan Overbruck [Thu, 28 Jan 2021 23:00:23 +0000 (00:00 +0100)]
remove pam.d configuration files
pam configuration files are not portable, its the job of the
package maintainer or user who builds opendoas themselves to
configure pam in a safe and usable way.
martijn [Fri, 15 Jan 2021 08:32:55 +0000 (08:32 +0000)]
Be more explicit by stating that the -n flag is linked to the nopass option in doas.conf instead of a generic "would prompt for password", which could lead people into believing that persist could work with this option.
tedu [Fri, 27 Nov 2015 21:10:17 +0000 (21:10 +0000)]
after reading a too long line, restart at the beginning of the buffer so
we don't keep writing past the end. (the perils of trying to recover from
parse errors.)
noticed by Jan Schreiber
Sunil Nimmagadda [Thu, 12 Nov 2020 12:32:47 +0000 (18:02 +0530)]
opendoas: Fallback for setresuid(2).
This approach borrows from openssh-portable. The bsd-setres_id.c
is adapted with openssh-portable specific bits (log.h inclusion
and error() function) removed.
doas(1) unconditionally logs all executions but syslog.conf(5) provides no
means to filter messages by user, target or command.
Add the "nolog" option to doas.conf(5) such that syslog becomes an opt-out
feature; this keeps configuration simple enough yet powerful since rule
definition is the best place to decide whether to log commands or not on a
per rule basis - this also aoids duplicating information or logic in any
other log processing tool.
In case "cmd" (and "args") in doas.conf(5) mismatch, the log syslog(3)
message might be read as if the command was executed but failed, i.e.
returned non-zero.
Be unambiguous and help admins spot execution *attempts* as such:
-Oct 9 01:05:20 eru doas: failed command for kn: echo bar
+Oct 9 01:05:20 eru doas: command not permitted for kn: echo bar
jmc [Sat, 16 May 2020 16:58:11 +0000 (16:58 +0000)]
list example files in FILES with a short description: generally, "Example configuration file.", but occasionally something else fit better; at the same time, try to make the format for FILES more consistent;
schwarze [Mon, 10 Feb 2020 13:18:20 +0000 (13:18 +0000)]
briefly mention /etc/examples/ in the FILES section of all the manual pages that document the corresponding configuration files; OK jmc@, and general direction discussed with many
Some distributions may choose to place configuration files in a different
directory than /etc. The configure script provides --sysconfdir
option already, use it to find doas.conf path instead of hardcoding
'/etc/doas.conf'.
correct some unveil(2) violations due to "login.conf.db" access (the .db version of "login.conf"), and stat(2) on _PATH_MASTERPASSWD_LOCK (via pw_mkdb(3)).
problem initially noted by myself for passwd(1)
millert@ reported similar problem on chpass(1), su(1), doas(1) and encrypt(1)
mestre@ noted chpass(1) too
tedu [Sat, 29 Jun 2019 22:35:37 +0000 (22:35 +0000)]
fix some more fallout from setting path in setusercontext. restore previous behavior of using user PATH if no cmd restriction in the rule. run into by espie
tedu [Mon, 17 Jun 2019 19:51:23 +0000 (19:51 +0000)]
setusercontext resets PATH (which we want). but then it becomes impossible to access the old PATH. save a copy in case we need it later. bug report from espie.
tedu [Sun, 16 Jun 2019 18:16:34 +0000 (18:16 +0000)]
redo the environment inheritance to not inherit. it was intended to make life easier, but it can be surprising or even unsafe. instead, reset just about everything to the target user's values. ok deraadt martijn Thanks to Sander Bos in particular for pointing out some nasty edge cases.
Do for most running out of memory err() what was done for most running out of memory log_warn(). i.e. ("%s", __func__) instead of manual function names and redundant verbiage about which wrapper detected the out of memory condition.