todo and notes
added two files,
TODO: things that still need to be taken care of that may be too long to write in the source code
config.template: mockups of the config file
This commit is contained in:
parent
5ef9bd4200
commit
eefd0545cd
5
TODO
Normal file
@ -0,0 +1,5 @@
|
||||
- Modify the following environment variables: (listed in environ(7))
|
||||
* USER -> to target user
|
||||
* LOGNAME -> to target user
|
||||
* SHELL -> to the target user's SHELL
|
||||
* HOME -> to the target user's HOME
|
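Review bot: PATH is missing from the list of variables to modify, even though environ(7) lists it alongside USER, LOGNAME, SHELL and HOME, and config.template in this same commit describes a nopass rule being hijacked through a caller-controlled PATH. Suggest adding an item such as "* PATH -> to a fixed, trusted default" so the target command and anything it spawns never resolve names through the invoking user's directories. It is also worth noting here what happens to every other variable inherited from the caller (kept as-is or cleared), since the list only covers four of them.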
96
config.template
Normal file
@ -0,0 +1,96 @@
|
||||
SECURITY CONSIDERATIONS
|
||||
=======================
|
||||
|
||||
1. commands must be given by absolute path, that's because if you do otherwise
|
||||
nopassword commands could be hijacked:
|
||||
|
||||
in the config:
|
||||
nopass badguy as root cmd zzz
|
||||
in the shell:
|
||||
~ $ export PATH=/home/badguy/test:$PATH
|
||||
~ $ mkdir test
|
||||
~ $ printf '#!/bin/sh\nrm -rf --no-preserve-root' > test/zzz
|
||||
~ $ chmod +x test/zzz
|
||||
~ $ us zzz #this deletes the filesystem without password!
|
||||
|
||||
IDEA 1
|
||||
======
|
||||
|
||||
# this is a comment
|
||||
# rules are goruped by user/group
|
||||
# rules are structured somewhat like json, example:
|
||||
|
||||
# Only 'command' is allowed to run without a password, all the rest is blocked
|
||||
ale {
|
||||
allow {
|
||||
command nopass
|
||||
}
|
||||
|
||||
deny {
|
||||
/.*/
|
||||
}
|
||||
}
|
||||
|
||||
IDEA 2 - THE DOAS WAY
|
||||
=====================
|
||||
|
||||
# this is a comment
|
||||
# every line is a rule
|
||||
# rules are structured like this:
|
||||
|
||||
permit|deny [options] identity [as target] [cmd command [args ...]]
|
||||
|
||||
# look at doas.conf(5) for more information
|
||||
|
||||
IDEA 2-3
|
||||
========
|
||||
|
||||
# reverse-doas way
|
||||
-> identity permit|deny [command [args ...]] [options]
|
||||
|
||||
# but how would I distinguish between command and options?
|
||||
-> identity [options] permit|deny [command [args ...]]
|
||||
|
||||
# spaces are not a very good separatow when in comes to commands
|
||||
-> identity,[options],permit|deny,[command [args ...]]
|
||||
|
||||
#
|
||||
# this is kinda similar to a crontab, basically options are required
|
||||
#
|
||||
|
||||
# config structure:
|
||||
-> identity options as action [command [args ...]]
|
||||
^ ^ ^ ^
|
||||
can be * | | permit, deny
|
||||
can be nil (NULL) |
|
||||
can be *
|
||||
|
||||
# permit user "ale" to execute command "shutdown" as root without password:
|
||||
-> ale nopass root permit shutdown
|
||||
# permit members of the wheel group to execute any comands as any user:
|
||||
-> :wheel nil * permit
|
||||
# deny users of the wheel group to execute commands that begin with "sys":
|
||||
# this could be circumvented by having the command inside a shell script
|
||||
-> :wheel nil * deny /sys.*/
|
||||
# deny all users to execute all comands as any other user
|
||||
-> * nil * deny
|
||||
#
|
||||
# let's scramble things up to make more sense
|
||||
#
|
||||
[action] options identity as [command [args ...]]
|
||||
^ ^ ^ ^
|
||||
| | can both be * (any)
|
||||
| can be none, comma separated
|
||||
none: permit
|
||||
'!': deny (negate rule)
|
||||
|
||||
# allow users of the wheel group to execute any command as root:
|
||||
-> none :wheel root
|
||||
# deny all users to execute commands that start with "sys"
|
||||
-> ! none * * /sys.*/
|
||||
|
||||
IDEA 3 - THE SUCKLESS WAY
|
||||
=========================
|
||||
|
||||
configuration should happen inside a source file called config.h, to apply
|
||||
changes to the configuration the program has to be recompiled
|
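Review bot: the absolute-path rule in SECURITY CONSIDERATIONS is contradicted by the rule examples that follow it: "command nopass" in IDEA 1 and "ale nopass root permit shutdown" in IDEA 2-3 both name the command without a path, which is exactly the form that item 1 says can be hijacked. Suggest writing every example with an absolute path and stating that the parser rejects a rule whose command does not start with "/". The patterns "/.*/" and "/sys.*/" also need a definition of what they are matched against (the string the user typed or the resolved path) and whether they are anchored; the comment already admits the deny rule can be circumvented with a shell script, which argues for a permit-list with a default deny rather than pattern-based deny rules. Two smaller points: in the last layout "none" marks empty options while an absent action means permit, so "-> none :wheel root" is hard to tell apart from a rule whose first field is an action, and an explicit "permit" keyword would remove the ambiguity; and the sample test/zzz script passes no operand to rm, so it would not do what the trailing comment claims, though the hijack it illustrates is real.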