| Age | Commit message (Collapse) | Author |
|---|
|
This allows using pls on a program with arguments more ergonomically,
e.g. `pls -- echo "hello friends"` can now simply be done as:
`pls echo "hello friends"`.
|
|
|
|
To encourage users to use the SecretString API, change the API so that
Account::authenticate only accepts a SecretString.
|
|
We shouldn't let secrets sit around in memory, as they could potentially
be retrieved by an attacker, or left in memory during a core dump.
|
|
Commands may be executed as a specific user by passing the user's UID to
the '-u' flag in pls.
|
|
|
|
Since this program is setuid-root, it should be as simple as possible.
To that end, remove `/etc/plsusers` and use filesystem permissions to
achieve the same thing. `/bin/pls` is now only executable by `root` or
members of the `wheel` group.
Also remove all the logic that went to great lengths to `unveil()` a
minimal set of filesystem paths that may be used for the command.
The complexity-to-benefit ratio did not seem justified, and I think
we're better off keeping this simple.
Finally, remove pledge promises the moment they are no longer needed.
|
|
|
|
As per comment found in #6319 by @bcoles, `pls` should check the
permissions and owner of the sudoers file to ensure that it hasn't
been compromised.
|
|
|
