OpenDoas
OpenDoas copied to clipboard
Duncaen
A portable fork of the OpenBSD `doas` command
`DEFAULT_PATH` replaces `safepath` for setting the `PATH` variable in the executed process's environment. `DEFAULT_PATH` follows the de-facto standard of Linux distributions which place `/usr/local` directories before their non-local counterparts in...
This commit backports an OpenBSD doas change which attempt to make doas more resistant to rowhammer attacks. A similar change has been committed to sudo last year. See: * https://github.com/openbsd/src/commit/38599afa1d1d1f14a897b01350e8ce94486e1788...
This is written from the perspective of Arch Linux. Some man page quotes or commands might be different on other distributions. I am using the [opendoas](https://archlinux.org/packages/community/x86_64/opendoas/) package. Excerpt of the...
Resolves https://github.com/Duncaen/OpenDoas/issues/82 https://github.com/Duncaen/OpenDoas/pull/102 was closed a few days ago, so I decided to take my shot. Took a look at the comments you left, and based my changes on that....
I understand that on a well-tuned system, the success of a timing attack is doubtful, but why not increase the security for free? [compare_in_constant_time.patch.txt](https://github.com/Duncaen/OpenDoas/files/12091934/compare_in_constant_time.patch.txt) ``` diff '--color=auto' -ru a/shadow.c b/shadow.c...
I saw in arch wiki that `sudo` has to be rebuild with the `--with-selinux` flag if SELinux is installed, but I cannot see similar thing available on OpenDoas.
Hello, Please fix [`safepath`](https://github.com/Duncaen/OpenDoas/blob/b96106b7e34ac591ae78b1684e9be3a265122463/doas.c#L241) so that `/usr/local/*` paths come before their `/usr/*` counterparts, this is the de-facto standard in all other applications. This prevents use-cases where executables in `/usr/local/bin` are...
This adds support for an `/etc/doas.d` configuration directory as discussed in #61. It is disabled by default. Fixes #61. cc @jirutka, @ncopa
wrong shell
Hello, When invoking the command `doas -s` and entering the user's password, the root login drops into the wrong shell (not bash). Using `su` produces the desired effect. This started...
