Wednesday, October 31, 2018

Re: syntax error and doas.conf

On 31.10.18 10:42, Markus Rosjat wrote:
> Hi all,
>
> just something I noticed while trying out stuff with doas and my python
> scripts. If you make a mistake and have a syntax error in the doas.conf
> file you can easily lock yourself out from root privileges  :(
>
> consider a case where your root has no pw, you are the guy in the
> wheel group and of course you have only this line
>
> permit persist keepenv :wheel
>
> so far everything is peachy. Ok, we are going to add a new line
>
> permit nopass foo as root cmt /root/scripts/dosomething
>
> and we save it ... oops, we made a mistake and would like to fix it, no worries we
> can ... or can't we?
>
> doas vi /etc/doas.conf
>
> doas: syntax error at line 15
>
>
> at this point you are a bit screwed because you can't edit the doas.conf,
> you can't reboot, your only way seems to be a switch off. Ok maybe there are
> other ways but hey I'm no pro, I'm a simple user and it's a vm so switch it
> off. Boot in single user mode, make a fsck because , mount the
> partitions, export the TERM var so you get a vi. Well seems we are back
> in business but no, we can't edit /etc/doas.conf. Doesn't matter, we came so
> far, we simply copy the example to /etc and be done with it. At that
> point 5 to 10 min of your life is wasted with silly stuff but you may
> have learned at least one thing ... read again what you just wrote before
> you save it :)
>
>
> Have a nice day list :) and happy Halloween
>
> --
> Markus Rosjat fon: +49 351 8107224 mail: rosjat@ghweb.de
>
> G+H Webservice GbR Gorzolla, Herrmann
> Königsbrücker Str. 70, 01099 Dresden
>
> http://www.ghweb.de
> fon: +49 351 8107220 fax: +49 351 8107227
>
> Please check whether this mail really needs to be printed! Before you print it, think about your responsibility and commitment to the ENVIRONMENT
>

Losing ten minutes' time because of a mistake you've made all by yourself
made you write this useless mail. Imagine how many times you could have
read the man page of doas(8) and found out that there is the parameter -C
to check the config file.

Cheers,
Bruno

--
Don't trust a man wearing a better suit than your own
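
Added example, not part of either mail: a shell function that runs the `doas -C` check mentioned in the reply on a candidate file and only then replaces the live config. The names `install_doas_conf` and `DOAS_BIN` are hypothetical, and it assumes it is run as root (for instance through doas) while the current config still parses.

```shell
#!/bin/sh
# Validate a candidate doas.conf with `doas -C` before it replaces the live
# file, so a syntax error never reaches /etc/doas.conf.

# DOAS_BIN is a hypothetical override (not a doas feature) so the checker
# can be swapped out, e.g. when testing on a machine without doas.
DOAS_BIN=${DOAS_BIN:-doas}

# install_doas_conf CANDIDATE [TARGET]
# Returns 0 and replaces TARGET only if CANDIDATE parses cleanly,
# 1 if the parser rejects it, 2 on file handling errors.
install_doas_conf() {
    candidate=$1
    target=${2:-/etc/doas.conf}

    if [ ! -r "$candidate" ]; then
        echo "cannot read $candidate" >&2
        return 2
    fi

    # `doas -C file` parses the file and exits without running a command;
    # a syntax error is reported on stderr with a non-zero exit status.
    if ! "$DOAS_BIN" -C "$candidate"; then
        echo "refusing to install $candidate: doas -C rejected it" >&2
        return 1
    fi

    # Stage next to the target so the final rename is atomic, and keep
    # the previous file as TARGET.bak for rollback.
    staged="$target.new.$$"
    cp "$candidate" "$staged" || return 2
    chmod 0644 "$staged" || { rm -f "$staged"; return 2; }
    if [ -f "$target" ]; then
        cp -p "$target" "$target.bak" || { rm -f "$staged"; return 2; }
    fi
    mv "$staged" "$target"
}
```

Edit a copy of the config, then call `install_doas_conf ./doas.conf.new`; the live file is left untouched whenever the check fails.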
