Hi,
to prevent privilege escalation by allowing 'sudo vi' (simply by invoking a shell from within vi) there is a special command 'sudoedit'. As far as I can see this is currently missing if I use doas instead of sudo.
So adding a similar command is more helpful to secure a system than special editors for every config file.
Kind regards
Felix
On 28.02.2018 18:22, Frans Haarman wrote:
I've wondered about the usefulness of something like 'rcctl edit bgpd' and a bgpd_conf=/etc/bgpd.conf in rc.conf.
Together with a 'rcctl clone' creating an rc.d/bgpd symlink and rc.conf.local flags.
Might make it easier running multiple of the same daemons?
Add more cool stuff later like 'rcctl edit bgpd commit' and 'rcctl edit bgpd confirm'.
Just wondering out loud now :)
Regards,
Frans
On Wednesday, 28 February 2018, Theo de Raadt <dera...@openbsd.org> wrote:
Yeah.
And I suppose we also need separate programs for all the other files in /etc?
Such as visysctl.conf, vivm.conf, vigroup, vishells, virc.conf.local, visshd, vissh, etc
After all, someone could create unsafe configurations, and lots of handholding is needed everywhere, yes?
I'm sorry, but I disagree. The tooling already exists to let you do this carefully. It is up to people to use their brains. And your script doesn't have any locking, so it is still error prone.
I really don't see the point of these wrappers.
The following is a shell script to safely edit /etc/doas.conf so that you avoid locking yourself out with a bad config. I managed to do this myself, so thought it might be useful to a wider audience.
It is inspired by the 'visudo' tool: it copies doas.conf to a temporary directory then opens it in vi. When you exit vi it checks the format of the config file, and if it passes then it will overwrite the original one then delete the copy. If it fails a warning is shown, and the file is re-opened for editing.
It will not create /etc/doas.conf if it does not already exist (I could add a separate warning for this if needed).
diff -u /dev/null usr.bin/doas/vidoas
--- /dev/null2018-02-22 08:14:04.607259461 +0000
+++ usr.bin/doas/vidoas2018-02-28 15:50:35.358895700 +0000
@@ -0,0 +1,36 @@
+#!/bin/sh
+
+# $OpenBSD$
+#
+# Copyright (c) 2018 Anthony Perkins <anth...@acperkins.com>
+#
+# Permission to use, copy, modify, and distribute this software for
any
+# purpose with or without fee is hereby granted, provided that the
above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE
LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY
DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
AN
+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
OUT OF
+# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+doasconf=/etc/doas.conf
+tempfile=$(mktemp -t doas.XXXXXXXX || exit 1)
+if [ -w $doasconf ]; then
+cp $doasconf $tempfile
+vi $tempfile
+while ! doas -C $tempfile; do
+echo "Press Enter to retry, Ctrl-C to abort."
+read
+vi $tempfile
+done
+if doas -C $tempfile; then
+cp -f $tempfile $doasconf
+rm -f $tempfile
+fi
+else
+echo "$doasconf is not writable by this user."
+exit 1
+fi
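Review bot: the `|| exit 1` in `tempfile=$(mktemp -t doas.XXXXXXXX || exit 1)` only exits the command-substitution subshell, so when mktemp fails the script carries on with an empty `$tempfile`, and because the expansions are unquoted, `cp $doasconf $tempfile` then runs with a single argument; write `tempfile=$(mktemp -t doas.XXXXXXXX) || exit 1` and quote every `$tempfile` and `$doasconf`. Two smaller points: the `if doas -C $tempfile` after the `while` loop can never be false, since the loop only ends when that same check succeeds, and nothing removes the temporary copy when the user takes the offered Ctrl-C, so a `trap 'rm -f "$tempfile"' EXIT` is worth adding. As raised in the thread, there is also no locking against a second concurrent edit, and `cp -f` over the original is not atomic; a scratch file in /etc renamed into place with `mv` would be.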
diff -u /dev/null usr.bin/doas/vidoas.1
--- /dev/null2018-02-22 08:14:04.607259461 +0000
+++ usr.bin/doas/vidoas.12018-02-28 15:31:20.825930370 +0000
@@ -0,0 +1,44 @@
+.\" $OpenBSD$
+.\"
+.\"Copyright (c) 2018 Anthony Perkins <anth...@acperkins.com>
+.\"
+.\"Permission to use, copy, modify, and distribute this software for
any
+.\"purpose with or without fee is hereby granted, provided that the
above
+.\"copyright notice and this permission notice appear in all copies.
+.\"
+.\"THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
WARRANTIES
+.\"WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\"MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE
LIABLE
FOR
+.\"ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY
DAMAGES
+.\"WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER
IN AN
+.\"ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
OUT
OF
+.\"OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.Dd $Mdocdate: February 28 2018 $
+.Dt VIDOAS 1
+.Os
+.Sh NAME
+.Nm vidoas
+.Nd safely edit the doas config file
+.Sh SYNOPSIS
+.Nm vidoas
+.Sh DESCRIPTION
+The
+.Nm
+utility edits a copy of
+.Pa /etc/doas.conf .
+If the copy is valid the original file will be replaced.
+.Pp
+This helps to prevent you from accidentally
+locking yourself out from
+.Xr doas 1
+with a typo.
+It is inspired by the
+.Xr visudo 1
+utility.
+.Pp
+This utility takes no arguments.
+.Sh SEE ALSO
+.Xr doas 1 ,
+.Xr doas.conf 5
+.Sh AUTHORS
+.An Anthony Perkins <anth...@acperkins.com>
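Review bot: the DESCRIPTION does not say how validity is decided or what happens when the copy fails; the script runs `doas -C` on the copy and re-opens the editor until it passes, and the page should say so, since readers need to know this is a parse check rather than a review of what the rules grant. Add a `.Sh FILES` entry for `.Pa /etc/doas.conf` (the path currently appears only in the body text), and consider dropping "This utility takes no arguments", which the bare SYNOPSIS already conveys.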
This is only my second ever submission, so I would appreciate any
guidance. I've also not yet edited the Makefile to include this in the
build.
All the best,
Anthony
--
Anthony Perkins
Email: anth...@acperkins.com
OpenPGP: https://acperkins.com/openpgp
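The copy, validate and replace cycle Anthony describes above, with the locking objection from the thread addressed, as an added example that is not part of the posted patch; the validator command ("doas -C" on OpenBSD) and the target path are parameters so the function can be exercised on any file, and the lock-directory and scratch-file names are my own choices.

```shell
#!/bin/sh
# Added example, not code from the posted patch: the copy/validate/replace
# cycle with the fixes a reviewer would ask of the posted vidoas. The
# validator is passed in as a command; on OpenBSD that is "doas -C", and
# making it a parameter lets the function run against any file anywhere.
# safe_replace TARGET CANDIDATE CHECKER...
#   0  CANDIDATE passed CHECKER and has replaced TARGET
#   1  CANDIDATE failed CHECKER, TARGET untouched
#   2  another edit holds the lock, TARGET untouched
#   3  setup or install failure (unwritable TARGET, mktemp or mv failed)
safe_replace() {
    target=$1; candidate=$2; shift 2
    [ -w "$target" ] || return 3
    # mkdir(2) is atomic, so a lock directory serialises concurrent edits
    # (the posted script has none); a lock left by a crash needs an rmdir.
    lock="$target.lock"
    mkdir "$lock" 2>/dev/null || return 2
    # Scratch file in the target's directory so the final mv is a rename
    # and readers never see a half-written config. Test the assignment's
    # status: an "|| exit 1" inside $(...) only leaves the subshell.
    tmp=$(mktemp "$(dirname "$target")/.doas.XXXXXXXX") \
        || { rmdir "$lock"; return 3; }
    rc=0
    if ! "$@" "$candidate" >/dev/null 2>&1; then
        rc=1
    elif ! { cat "$candidate" >"$tmp" && mv -f "$tmp" "$target"; }; then
        rc=3
    fi
    rm -f "$tmp"; rmdir "$lock"
    return "$rc"
}

# edit_doas TARGET: the posted script's editor loop on top of safe_replace;
# runs only when this file is invoked with a path, e.g. /etc/doas.conf.
edit_doas() {
    target=$1
    work=$(mktemp -t doas.XXXXXXXX) || return 3
    # Ctrl-C in the editor must not leave a copy of the config in /tmp.
    trap 'rm -f "$work"' EXIT INT TERM
    cp "$target" "$work" || return 3
    while :; do
        "${EDITOR:-vi}" "$work"
        rc=0; safe_replace "$target" "$work" doas -C || rc=$?
        [ "$rc" -eq 1 ] || return "$rc"
        echo "doas -C rejected the file. Enter to retry, Ctrl-C to abort."
        read dummy
    done
}
if [ $# -gt 0 ]; then edit_doas "$1"; fi
```

Note that the rename installs the file with mktemp's 0600 mode rather than the original's, which the posted `cp -f` preserved; restore the original mode afterwards if something other than root needs to read the file.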