An easier and more reliable compromise would be running 'doas sh' and
executing multiple commands in the shell that is root.
Having said that, I am unsure if doas(1) uses the $HOME of the current
user, or the user that the command is executed as.
If $HOME is that of the current user, the advantage
On Mon, 27 Jul 2015 11:12:17 +0100, Kevin Chadwick wrote:
> It's not a big deal but one feature of sudo that I occasionally use is
> sudoedit.
You can get sudoedit-like functionality without building it into
doas. All you really need is an editor front-end that uses getlogin(2)
to figure out the
This is harder to make secure than you realize. Once you add it
you will people will complain that if you logout and log back in
again during the timeout you can still run commands. Next you will
get requests for per-tty and per-destination user timeout files.
But wait! If someone can change th
Gregory Edigarov wrote:
> hi,
> here's an updated diff using /var/doas directory root:wheel owned with a
> strict 700 permissions. checks and batteries included.
Sorry, but this is not a feature we want at this time.
Theo Buehler wrote:
> I'm probably missing something, but from reading your implementation of
> checktimeout() it seems that you can easily cumvent the password prompt
> using something like this (assuming the timeout is enabled for the
> user):
And this is why this feature is not included in doas
hi,
here's an updated diff using /var/doas directory root:wheel owned with a
strict 700 permissions. checks and batteries included.
Index: doas.c
===
RCS file: /cvs/src/usr.bin/doas/doas.c,v
retrieving revision 1.27
diff -u -p -u -
On Mon, Jul 27, 2015 at 02:55:34PM +0300, Gregory Edigarov wrote:
> Thanks for showing that to me, Marc. Will think on how to implement that in
> a more secure way. I think I need to add a token based check? Correct?
I don't think you get what I'm saying.
I don't think there's any way to impleme
On 07/27/2015 01:08 PM, Theo Buehler wrote:
On Mon, Jul 27, 2015 at 10:54:02AM +0300, Gregory Edigarov wrote:
Hi,
sudo was having a nice feature of not overwhelming the user with password
prompts (cookies :-) ).
This diff is adding this back to doas(1).
On Mon, Jul 27, 2015 at 10:54:02AM +
On 07/27/2015 01:21 PM, Marc Espie wrote:
On Mon, Jul 27, 2015 at 10:54:02AM +0300, Gregory Edigarov wrote:
Hi,
sudo was having a nice feature of not overwhelming the user with password
prompts (cookies :-) ).
This diff is adding this back to doas(1).
Index: doas.c
=
On 07/27/2015 01:33 PM, Stuart Henderson wrote:
On 2015/07/27 10:54, Gregory Edigarov wrote:
Hi,
sudo was having a nice feature of not overwhelming the user with password
prompts (cookies :-) ).
There is nothing stopping you from installing sudo from packages if
you need its features...
Of
On 2015/07/27 10:54, Gregory Edigarov wrote:
> Hi,
>
> sudo was having a nice feature of not overwhelming the user with password
> prompts (cookies :-) ).
There is nothing stopping you from installing sudo from packages if
you need its features...
On Mon, Jul 27, 2015 at 10:54:02AM +0300, Gregory Edigarov wrote:
> Hi,
>
> sudo was having a nice feature of not overwhelming the user with password
> prompts (cookies :-) ).
>
> This diff is adding this back to doas(1).
>
> Index: doas.c
> ==
On Mon, Jul 27, 2015 at 10:54:02AM +0300, Gregory Edigarov wrote:
> Hi,
>
> sudo was having a nice feature of not overwhelming the user with password
> prompts (cookies :-) ).
>
> This diff is adding this back to doas(1).
>
On Mon, Jul 27, 2015 at 10:54:02AM +0300, Gregory Edigarov wrote:
> Hi,
On 07/27/2015 01:12 PM, Kevin Chadwick wrote:
sudo was having a nice feature of not overwhelming the user with
password prompts (cookies :-) ).
This diff is adding this back to doas(1).
It's not a big deal but one feature of sudo that I occasionally use is
sudoedit or a one-time su like comma
> sudo was having a nice feature of not overwhelming the user with
> password prompts (cookies :-) ).
>
> This diff is adding this back to doas(1).
It's not a big deal but one feature of sudo that I occasionally use is
sudoedit or a one-time su like command with timestamp_timeout=0 to
always pro
Hi,
sudo was having a nice feature of not overwhelming the user with
password prompts (cookies :-) ).
This diff is adding this back to doas(1).
Index: doas.c
===
RCS file: /cvs/src/usr.bin/doas/doas.c,v
retrieving revision 1.27
d
16 matches
Mail list logo