Date:      Sat, 29 May 2021 02:36:30 +0000
From:      bugzilla-noreply@freebsd.org
To:        ports-bugs@FreeBSD.org
Subject:   [Bug 256233] security/doas: target user's login class gets ignored
Message-ID:  <bug-256233-7788@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=256233

            Bug ID: 256233
           Summary: security/doas: target user's login class gets ignored
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: ports-bugs@FreeBSD.org
          Reporter: bugs.freebsd@scourger.nl
                CC: jsmith@resonatingmedia.com
             Flags: maintainer-feedback?(jsmith@resonatingmedia.com)

## Environment

The bug was found on FreeBSD 12.2-RELEASE GENERIC amd64 with doas-6.3p4
installed. But it will most likely manifest itself on all FreeBSD versions and
architectures.

The system has 2 regular user accounts named alice and bob. Both accounts
belong to a non-default login class, and alice is allowed to use doas to
execute commands as bob.


## Problem description

When running a command with doas, the target user's login class is ignored. The
capabilities from the default login class are applied instead of the ones
defined in the target user's class.

For example:
$ doas -u bob ulimit -a
Shows limits as defined for the default login class instead of those defined
for bob's login class.
$ doas -u bob locale
Prints the locale from the default login class instead of the one defined in
bob's actual login class.

Expected behaviour:
$ doas -u bob ulimit -a
Show the limits that are defined in /etc/login.conf for bob's login class.
A quick test seems to affirm that this is what happens on OpenBSD.
$ doas -u bob locale
Show the locale defined in /etc/login.conf for bob's login class.


## How to reproduce

Add login classes 'alice' and 'bob' to login.conf. Each of the classes has a
different language and memory limit:
# diff -u login.conf.orig login.conf
--- login.conf.orig     2021-05-29 01:45:22.537277000 +0200
+++ login.conf  2021-05-29 02:59:28.979606000 +0200
@@ -49,6 +49,16 @@
        :ignoretime@:\
        :umask=022:

+alice:\
+       :lang=en_CA.UTF-8:\
+       :memoryuse=8G:\
+       :tc=default:
+bob:\
+       :lang=en_US.UTF-8:\
+       :memoryuse=4G:\
+       :tc=default:

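Review bot: the hunk header @@ -49,6 +49,16 @@ announces ten added lines and six context lines, but only eight + lines (the alice and bob entries) and three context lines are visible, so the diff as quoted in the mail looks truncated; re-pasting it complete would let a reader confirm that nothing else in login.conf (for example the default class that both entries inherit through tc=default) was changed at the same time.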
Create users alice and bob, each belonging to their respective login class.

A single line is added to doas.conf:
permit nopass alice as bob


Log in as user alice, and check that her memory limit and language are applied:
alice@doas-bug:~ $ ulimit -m
8388608
alice@doas-bug:~ $ locale | grep LANG
LANG=en_CA.UTF-8

Now run the same commands with doas, and observe that the limit and language
are taken from the default login class:
alice@doas-bug:~ $ doas -u bob ulimit -m
unlimited
alice@doas-bug:~ $ doas -u bob locale | grep LANG
LANG=

The expected result is that limits from class 'bob' are applied (as happens
on OpenBSD).
Logging in as bob shows the expected limits:
bob@doas-bug:~ $ ulimit -m
4194304
bob@doas-bug:~ $ locale | grep LANG
LANG=en_US.UTF-8

-- 
You are receiving this mail because:
You are the assignee for the bug.
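As an added illustration (this is not code from the bug report, nor from the doas port), the following Python script parses a login.conf fragment in the format the diff above uses, resolves the tc= inheritance chain, converts memoryuse sizes to the kilobyte unit that sh's `ulimit -m` prints, and maps an observed ulimit/LANG pair back to the login class whose settings produced it. The login.conf text in the script is constructed, including the 'default' class that the alice and bob entries inherit from; the observations fed to it are the values from the transcript above. Run against the real /etc/login.conf with the output of a doas invocation, it gives a quick yes/no on whether the target user's class was applied or the default one leaked through.

```python
"""Check which login class an observed ulimit/LANG pair corresponds to.

Added example for the doas login-class report; not part of the report or of doas.
"""
import re

# Constructed login.conf sample in FreeBSD's termcap-style format. The
# 'default' class is assumed (the report's diff only shows alice and bob).
SAMPLE_LOGIN_CONF = """\
# comment lines and blank lines are ignored
default:\\
\t:memoryuse=unlimited:\\
\t:lang=:\\
\t:umask=022:

alice:\\
\t:lang=en_CA.UTF-8:\\
\t:memoryuse=8G:\\
\t:tc=default:
bob:\\
\t:lang=en_US.UTF-8:\\
\t:memoryuse=4G:\\
\t:tc=default:
"""


def parse_login_conf(text):
    """Return {class_name: {capability: value}} from login.conf text.

    Handles backslash line continuation, '#' comments, blank lines and
    'name|alias' class headers. Boolean capabilities map to True.
    """
    classes = {}
    pending = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.lstrip().startswith("#"):
            continue
        if line.endswith("\\"):          # continued on the next line
            pending.append(line[:-1].strip())
            continue
        pending.append(line.strip())
        entry = "".join(pending)         # e.g. "bob::lang=en_US.UTF-8::tc=default:"
        pending = []
        fields = entry.split(":")
        caps = {}
        for field in fields[1:]:
            if not field:
                continue
            key, sep, value = field.partition("=")
            caps[key] = value if sep else True
        for alias in fields[0].split("|"):
            classes[alias.strip()] = caps
    return classes


def resolve_class(classes, name, _seen=None):
    """Merge a class with the chain named by its tc= capability.

    The class's own values win over inherited ones; cycles and unknown
    parents terminate the chain instead of raising.
    """
    if _seen is None:
        _seen = set()
    if name in _seen or name not in classes:
        return {}
    _seen.add(name)
    own = dict(classes[name])
    parent = own.pop("tc", None)
    merged = resolve_class(classes, parent, _seen) if parent else {}
    merged.update(own)
    return merged


_UNIT = {"b": 1, "k": 1024, "m": 1024 ** 2, "g": 1024 ** 3, "t": 1024 ** 4}


def size_to_kib(value):
    """Convert a login.conf size ('4G', '8192k', '1024' bytes, 'unlimited')
    to the kilobyte unit sh's `ulimit -m` prints. None means unlimited."""
    v = value.strip().lower()
    if v in ("unlimited", "infinity"):
        return None
    m = re.fullmatch(r"(\d+)([bkmgt]?)", v)
    if not m:
        raise ValueError("unrecognised size: %r" % value)
    number, suffix = int(m.group(1)), m.group(2) or "b"
    return number * _UNIT[suffix] // 1024


def classify_observation(classes, ulimit_m_output, lang_line):
    """Return the names of the classes whose resolved memoryuse and lang
    reproduce an observed `ulimit -m` line and `LANG=...` line."""
    obs_mem = None if ulimit_m_output.strip() == "unlimited" else int(ulimit_m_output)
    obs_lang = lang_line.strip().partition("=")[2]
    matches = []
    for name in classes:
        caps = resolve_class(classes, name)
        mem = size_to_kib(caps.get("memoryuse", "unlimited"))
        if mem == obs_mem and caps.get("lang", "") == obs_lang:
            matches.append(name)
    return matches


def target_class_applied(classes, target, ulimit_m_output, lang_line):
    """True when the observed values are the target user's class, i.e. doas
    honoured the login class instead of falling back to the default one."""
    return target in classify_observation(classes, ulimit_m_output, lang_line)


if __name__ == "__main__":
    conf = parse_login_conf(SAMPLE_LOGIN_CONF)
    # Values copied from the report's transcript (constructed observations).
    print(classify_observation(conf, "unlimited", "LANG="))             # ['default']
    print(target_class_applied(conf, "bob", "unlimited", "LANG="))      # False
    print(target_class_applied(conf, "bob", "4194304", "LANG=en_US.UTF-8"))  # True
```

On a real system, replace SAMPLE_LOGIN_CONF with the contents of /etc/login.conf and pass in the two lines captured from the doas run; the script deliberately does not execute doas itself, so it can be run anywhere the captured output is available. It does not interpret the `\c` escape sequences login.conf allows in values, which is a simplification of this example.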