Comments (7)
I've tested this and it works as expected on FreeBSD.
On Linux it was echoing the password when a pipe was used, which is obviously not good. I've fixed that.
On Linux piped data is not being forwarded to the command run by doas, it is intercepted by doas. Will look into that further.
from doas.
Is there any progress about this, as mentioned above?
from doas.
No, and there probably won't be until someone submits a patch for Linux compatibility that doesn't break other platforms.
from doas.
It doesn't seem like this does any tty or pty handling at all?
This is the basic stuff needed for securely reading the password AFAIK: https://github.com/sudo-project/sudo/blob/9e111eae57524ca72002ad1db36eb68ccd50b167/src/tgetpass.c#L110-L284
I don't think that is Linux specific.
from doas.
This is Linux specific, the other platforms just handle this, basically automatically.
from doas.
Quoting my suggested solution from Duncaen/OpenDoas#21
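It turns out I found a pretty good workaround for this by using `expect` for automatically entering input on interactive prompts. I ended up with something like this:

```
#!/usr/bin/expect
# Run doas under a pty so its password prompt can be answered by the script
spawn doas -- pacman --noconfirm -U yay-bin-10.2.3-1-x86_64.pkg.tar.zst
# Wait for the prompt, then send the password followed by Enter
expect "Password: " {send -- "password\r"}
# Wait for the spawned command to finish
expect eof
```

Hope it helps someone :)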
from doas.
This is not strictly a problem in doas. This is a difference between the basic default "glass TTY" conversation functions supplied by LinuxPAM on Linux, by OpenPAM on the BSDs, and by doas itself.
- The `openpam_ttyconv()` function in OpenPAM opens `/dev/tty` if standard input is not a terminal.
- The `misc_conv()` function in LinuxPAM does nothing at all if standard input is not a terminal.
- The `pam_tty_conv()` supplied by doas itself for Illumos just blithely assumes that standard input is a terminal.

It wouldn't be hard to adapt the Illumos `pam_tty_conv()` to Linux, and make it better for Illumos as a side-effect. But that would only fix this problem for "doas" and not fix it for everything else that uses LinuxPAM and hits the same problem for the same reason.
There's no bug filed about this at the LinuxPAM bug tracker directly nor at the Debian bug tracker nor at the Ubuntu bug tracker. The LinuxPAM bug tracker is definitely the place for you to go with this, @dw. (-:
from doas.
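The behaviour contrasted in the last comment, as an added example (not code from doas, OpenPAM or LinuxPAM): a conversation helper that prompts on `/dev/tty` when standard input is not a terminal and reads the password one byte at a time with echo disabled, so data piped on stdin stays available to the command. The names `prompt_fd` and `read_secret` are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <string.h>
#include <termios.h>
#include <unistd.h>

/* Added example, not doas or PAM source. Use stdin when it is a terminal,
 * else the controlling terminal, so a pipe on stdin is left untouched. */
int prompt_fd(void)
{
    if (isatty(STDIN_FILENO))
        return STDIN_FILENO;
    return open("/dev/tty", O_RDWR | O_NOCTTY | O_CLOEXEC); /* -1: no tty */
}

/* Read one line from fd with echo off, one byte at a time so nothing past
 * the newline is consumed. A non-terminal fd is read as is, unprompted.
 * Signals are not handled. Returns the length stored, or -1 on error. */
ssize_t read_secret(int fd, const char *prompt, char *buf, size_t len)
{
    struct termios saved, noecho;
    int is_tty = (tcgetattr(fd, &saved) == 0);
    size_t n = 0;
    ssize_t r;
    char c;
    if (len == 0)
        return -1;
    if (is_tty) {
        noecho = saved;
        noecho.c_lflag &= ~(tcflag_t)ECHO;   /* hide typed bytes */
        noecho.c_lflag |= ECHONL;            /* still echo the newline */
        if (tcsetattr(fd, TCSAFLUSH, &noecho) != 0)
            return -1;
        r = write(fd, prompt, strlen(prompt)); /* best effort */
    }
    while ((r = read(fd, &c, 1)) == 1 && c != '\n')
        if (n < len - 1)
            buf[n++] = c;                    /* overlong input is truncated */
    buf[n] = '\0';
    if (is_tty)
        tcsetattr(fd, TCSAFLUSH, &saved);    /* restore echo */
    return r < 0 ? -1 : (ssize_t)n;
}

int main(void)
{
    char pw[128];
    int fd = prompt_fd();
    return fd < 0 || read_secret(fd, "Password: ", pw, sizeof pw) < 0;
}
```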
Related Issues (20)
- how do you enable --with-timestamp HOT 1
- doas: Operation not permitted HOT 1
- Sudo askpass analog HOT 1
- Add -e known from sudo HOT 3
- persist is not effective if doas comes after /usr/bin/time. HOT 1
- [Git master] Vulnerable to privilege escalation using ioctls `TIOCSTI` and `TIOCLINUX` HOT 4
- doas: authentication failed on OPNsense HOT 10
- FreeBSD port: `vidoas` script has wrong default `doas.conf` file path HOT 4
- FreeBSD port: `stdout` of sub command got redirected to `stderr` HOT 5
- using 'nopass' still asking for password HOT 10
- doas: syntax error at line 1 HOT 8
- How can I make doas show symbols or asteriks when I type my password, since I want some feedback when typing my password? HOT 1
- `persist` option does not work HOT 1
- become POSIX compliant HOT 3
- `doas` hangs when doas command pipes into another doas command HOT 1
- Request for Pacstall Support HOT 1
- It doesn't seems to work in Solus HOT 1
- ´doas -u user´ results in "doas: Operation not permitted" HOT 5
- doas: syntax error at line 1 HOT 1
- How to uninstall/purge doas? HOT 4