- Add functionality to edit a file specified on the command line.
- Add `-n` option for running prerequisite checks without editing the
configuration file.
- Install vidoas in `@PREFIX@/sbin` as it is really more of a system
maintenance command (run by administrators; requires root privileges
for editing the default **doas(1)** configuation file).
- Add a manual page (in section `8`).
- Release the code under the same MIT-like license as **doas(1)**
itself.
- Define the recipe once, and list prerequisites for each target in
separate rules.
- Also use cat(1) in the recipe in case there are multiple prerequisites
for some target in the future.
- Use mv(1) to install doas.conf to avoid writing a configuration file
while other processes might be reading it.
- Define the DOAS_CONF path once in Makefile and pass that to the
substitutions instead of recreating the full path independently in
multiple files.
- Add a separate rule for building the doas binary, instead of creating
it in the "all" target. This avoids some unnecessary re-linking.
Calling setusercontext(3) makes per-user temporary storage work (see
per_user_tmp in security(7) and rc.conf(5)).
May as well also use reallocarray(3) from libc instead of the bundled
compat code.
version of the doas.conf file. Then allows the user to edit it.
The new configuration file is checked for syntax and then, if it passes,
is installed on the system. If the syntax check fails the user is asked
to fix any errors.
- Adjust the Makefile and the README for macOS / Darwin specific build instructions
- Add bsd-closefrom.c as a more portable version of closefrom(2), which was
obtained from the portable version of OpenSSH 8.1
- amalleo25
Provided cleaner fix for crash when user/command has
no valid match in the doas.conf file.
- amalleo25
Removed option to match UID with -u flag. Provided
usernames must now match a username, not UID. This was
ambigious if a user had a numeric username.
- Jesse
Added flag to display all warnings during compiling.
Added status checks when parsing user/group IDs for Linux.
Make sure Linux drops original user's groups when running as another user.
and PATH from the original user to the target user. This could cause
files in the wrogn path or home directory to be read (or written to),
which resulted in potential security problems.
This has been changed so that only DISPLAY and TERM are passed to the
new environment. This is fine for running command line programs. When
GUI programs need to be run, "keepenv" can be added to the user's
doas.conf entry. This results in variables like HOME being copied
to the target user, allowing GUI programs to run.
Many thanks to Sander Bos for reporting this issue and explaining
how it can be exploited.
This commit also adds the ability to pass a customized PATH to
target users. The new PATH can be set at compile time in the
Makefile. The default path is provided in the Makefile and commented
out.
commands matching the "cmd" parameter in doas.conf. The path
should be shortened to system-standard paths. This prevents
the user from injecting their own application with a familiar
name in their PATH variable and tricking doas into running it.