Date: Mon, 08 Aug 2016 02:07:03 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-ports-bugs@FreeBSD.org
Subject: [Bug 211622] security/doas: doas doesn't enforce correct uid and gid with -u switch
Message-ID: <bug-211622-13-7pr4SHi4Ur@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-211622-13@https.bugs.freebsd.org/bugzilla/>
References: <bug-211622-13@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211622

--- Comment #3 from telnetuserid@sdf.org ---
I've compiled doas from upstream. The correct uid and gid are enforced, but the
issuer's egid and groups identification is still exposed.

Can you make "portable" doas behave more like sudo or OpenBSD doas?

The doas utility doesn't need to expose the caller's egid and groups with the -u
switch. Just plain uid, gid, and groups for the user to switch.

Doas compiled from upstream commit 8bec4dcaa6afb6f6b480a720edbc896bcb9ac69d

# id
uid=0(root) gid=0(wheel) groups=0(wheel),5(operator)

# doas -u nobody id
uid=65534(nobody) gid=65534(nobody) egid=0(wheel) groups=0(wheel),5(operator)

# sudo -u nobody id
uid=65534(nobody) gid=65534(nobody) groups=65534(nobody)

-- 
You are receiving this mail because:
You are the assignee for the bug.
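
A regression check for the behaviour reported above, as an added example that is not part of the original message or of the doas source: it parses `id` output and lists the effective gid and supplementary groups the switched process still holds beyond those expected for the target user. The function names and the `target_groups` parameter are assumptions; the three sample lines are the ones quoted in the report.

```python
import re

# Sample lines copied from the report above.
CALLER = "uid=0(root) gid=0(wheel) groups=0(wheel),5(operator)"
DOAS = ("uid=65534(nobody) gid=65534(nobody) egid=0(wheel) "
        "groups=0(wheel),5(operator)")
SUDO = "uid=65534(nobody) gid=65534(nobody) groups=65534(nobody)"


def parse_id(line):
    """Parse one line of id(1) output into numeric credentials."""
    creds = {}
    for key, value in re.findall(r"(\w+)=(\S+)", line):
        # Each item looks like "5(operator)"; keep only the numeric id.
        ids = [int(item.split("(", 1)[0]) for item in value.split(",")]
        creds[key] = set(ids) if key == "groups" else ids[0]
    return creds


def leaked_credentials(caller_line, switched_line, target_groups):
    """Return (field, gid, held_by_caller) for every group credential the
    switched process holds that the target user should not have.

    target_groups is an assumption of this example: the gids the tester
    expects for the target user, e.g. read from the group database.
    """
    caller, after = parse_id(caller_line), parse_id(switched_line)
    caller_gids = caller["groups"] | {caller["gid"],
                                      caller.get("egid", caller["gid"])}
    findings = []
    # id(1) prints egid= only when the effective gid differs from the real gid.
    egid = after.get("egid", after["gid"])
    if egid != after["gid"]:
        findings.append(("egid", egid, egid in caller_gids))
    # Supplementary groups that were not reset to the target user's set.
    for gid in sorted(after["groups"] - set(target_groups)):
        findings.append(("groups", gid, gid in caller_gids))
    return findings


if __name__ == "__main__":
    for name, line in (("doas", DOAS), ("sudo", SUDO)):
        print(name, leaked_credentials(CALLER, line, {65534}))
```

An empty list means the switched process carries no group credentials beyond the expected set, which is what the `sudo -u nobody id` line shows.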