You are not logged in.
I just
permit nopass user as root cmd poweroff args -f
in UXTerm in X
it works
I will replace dummy-logind with vanilla, and do again
I'll be back
Also I use xserver-xorg-legacy /etc/Xwrapper.config
and I don't use a login manager
aaaggghhh!
Offline
I installed libpam-elogind which purged dummy-logind & libsystemd0
user in X, doas poweroff -f, works
will repeat with seatd
Offline
installed seatd (doesn't remove libsystemd0)
purged dummy-logind
works
will repeat with seatd & lightdm (if I can)
Offline
installed seatd & lightdm, lightdm removes libsystemd0
failed to fire up lightdm
there's no README
tried alt sysrq r e i s u
don't know if I can config lightdm on the fly
sorry, don't have time
Offline
WOW! You're gonna test all possible configurations. LOL
OK I got it all figured out. It's so simple I can't believe it cause this much trouble. It can be summed up by saying the configuration is very specific. nopass is only allowed if it's exactly as it is in the file. So to sum this all up.
1. If you configure it with args then you have to use the args or it won't work
2. If you configure it with the full path you must use the full path - many graphical apps will need this. For example JWMKit.
3. The reverse is true if you configure as the command line only the command will not work if you do the full path.
So the args do work for me, but I tested without the args assuming it world work with or without them.
When I tested in the terminal it did not work because I did not use the full path as configured in my file.
This is why it worked with the scripts, and graphical apps, as they did use the full path.
So I will configure with multiple combinations.
full path with args
full path without args.
no path with args
no path without args
permit nopass user as root cmd poweroff args -f
permit nopass user as root cmd poweroff
permit nopass user as root cmd /sbin/poweroff args -f
permit nopass user as root cmd /sbin/poweroff
Does any one feel dumb now
To be fair I would expect it to know that poweroff is the same as /sbin/poweroff since /sbin/ is in the exec path. Also I would expect the args to be optional. Maybe requiring it to be exact adds extra security. I mean you could easily manipulate the exec path to hack the system. right?
In a way we were all correct, it's just the configuration wasn't specific enough for zappers setup where he wanted to use both the commandline (no path with args) and jwmkit (path, and no args)
Offline
Check what happens if you put a program called poweroff in your path that does something else. Eg the following:
#!/bin/bash
echo In fake poweroff script
id
If that says it's running as root you have a security hole. A malicious person could add something like rm -rF / to it.
Online
I had already thought of that when I made my last post, so I tested it.
I created a fake whoami file in my local path ~/.local/bin/ that simply echos HAHA! The results:
regular user - runs the fake whoami
with sudo - runs the real whoami
with doas - runs the fake whoami
Yep security issue. So you might want to use full path when adding nopass commands.
update : Does not affect nopass commands. See post below.
Last edited by JWM-Kit (2024-09-18 20:44:25)
Offline
I'm reporting the issue right now.
Offline
Update, commands specified using nopass are limited to the restricted PATH. So that's good.
But it still seems that you could still do damage with a fake executable, even if a password is required. Just put it in the local path (in $HOME) like I did with the whoami example above and the user will be tricked to give the password.
of course a better example would be apt because why would you you'd be less likely to use root for whoami.
Last edited by JWM-Kit (2024-09-18 23:01:01)
Offline
Considering my concern of a fake executable in $HOME, my doas.conf will use the setenv option to override the path order to be more aligned with the expected Linux order (opposed to the original BSD order). Also, I have exclude the paths in $HOME. If I were to add them it would be at the end to be searched last.
permit setenv {PATH=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin} user as root
Last edited by JWM-Kit (2024-09-19 14:52:33)
Offline
That *might* not matter if you are the *only* person who can use the system. But its a *big* concern for multi-user systems.
Online
@chris2be8
I agree. Lots of things aren't a problem for people who understand their system. The issue is non-technical users. Sadly it is those same user who will not made the effort to configure their system properly. Of course I'm sure those users are using sudo, so it's not an issue.
Last edited by JWM-Kit (2024-09-19 20:59:13)
Offline
I started with computers and with Linux in 1998, RedHat 6, Knoppix, SysRescCd, DamnSmallLinux, soon got fed up with sudo, what with trying to get to work cdc-acm gprs & usb modem & having to make kernel module etc etc etc.
Up until only some weeks ago I didn't use doas.
I booted, logged in as root, masquerade MAC address, ifup.
Another login as user, startx.
This is a good post, this learning about fake executable.
I hope we hear from zapper how he's getting on.
Offline
After openssl, I don't care to see sudo on Debian security.
I hope that simples doas is superior to sudo.
Offline
@bilhook @JWM-Kit
I reinstalled and doas works fine again for that purpose. Although, I did custom instead of doas no password.
Then, I did doas poweroff and doas reboot in their respective places. Now I can shutdown and reboot the way I want.
reinstalling sadly hasn't fixed my wine bug though.
Freedom is never more than one generation away from extinction. Feelings are not facts
If you wish to be humbled, try to exalt yourself long term If you wish to be exalted, try to humble yourself long term
Favourite operating systems: Hyperbola Devuan OpenBSD
Peace Be With us All!
Offline