Closed aarondill closed 6 months ago
Just tested, it doesn't pass the password to doas, and 2 failed attempts it somehow counted as 3.
The password is passed through stdin, but `doas` doesn't process it. Also, it is called twice, once without stdin, once with (as noted above).
This will only work with `doas` when the user has the `nopass` privilege.
One tool that does work with this change is `su - -c` (as su accepts input through stdin), though I believe a wrapper would be required to ensure that all arguments passed end up as one after the `-c` (like the one below)
```sh
#!/usr/bin/env sh
# Join all arguments into one string, since su -c takes a single command argument.
exec su - -c "$*"
```
The difference is that `su` asks for root's password, not your user's, like sudo and doas do.
> The difference is that `su` asks for root's password, not your user's, like sudo and doas do

This is true, but as I've already said, unless you can discover a way to pass the password to doas, we can only support tools that accept the password through stdin (like `sudo` and `su`).
My apologies for the delay. I completely overlooked this matter. Could you please resolve the conflicts first so we can proceed with the review? @aarondill
This update introduces a more sophisticated approach to command construction and execution in `suda.vim`. By adding a dedicated function for building commands and refining how passwords are requested, the changes enhance both security and usability. Centralizing shell escaping ensures commands are safely constructed, reducing potential vulnerabilities.

| File(s) | Summary |
|---|---|
| autoload/suda.vim | Introduced `s:get_command`, improved `suda#system`, centralized shell escaping, and refined password interaction logic. |
@lambdalisue I've rebased this onto HEAD.
I've also introduced a few changes:
The checking introduced in https://github.com/lambdalisue/suda.vim/commit/257767d7977414210b6db9df0be39b9789d83978 is only done on 'sudo', since there's no guarantee that the user provided command will ever support not passing a password. Additionally, the user provided command is called the same way either way: `user_sudo command` with no options.
Thanks a lot 🎉
This ensures that the sudo options work correctly, and creates rudimentary support for other commands (such as `doas`, see #40).

This isn't perfect, but likely the best we can do (see my comment).

This change allows any command which accepts no password, or else a password from stdin, to work. Any command set to `g:suda#executable` will be executed with no further arguments (so the user may need to provide any needed), and will be run, first with an empty stdin, then with the user's provided password as stdin. Further support would likely need to be added on a case-by-case basis and may quickly spiral out of control.
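
The two-step invocation this description outlines (empty stdin first, then the password on stdin), as an added shell example that is not suda.vim's own code. `run_elevated` and the three `fake_*` stand-ins are hypothetical names, and `hunter2` is a constructed password.

```sh
#!/bin/sh
# Constructed stand-in: a tool that needs no password (e.g. a nopass rule).
fake_nopass() { "$@"; }

# Constructed stand-in: a tool that reads one password line from stdin.
fake_stdin_auth() {
  IFS= read -r pw || return 1          # empty stdin: nothing to authenticate with
  [ "$pw" = "hunter2" ] || return 1    # "hunter2" is a made-up demo password
  "$@"
}

# Constructed stand-in: a tool that never reads stdin (it would prompt on
# the terminal instead), so a piped password cannot authenticate it.
fake_tty_only() { return 1; }

# run_elevated TOOL PASSWORD CMD...   (hypothetical helper)
# Step 1: run TOOL with an empty stdin; this succeeds if no password is needed.
# Step 2: otherwise run it again with the password as the only stdin line.
# Prints "nopass:", "stdin:" or "failed:" followed by the command's output.
run_elevated() {
  tool=$1 password=$2
  shift 2
  if out=$("$tool" "$@" </dev/null 2>/dev/null); then
    printf 'nopass:%s\n' "$out"
  elif out=$(printf '%s\n' "$password" | "$tool" "$@" 2>/dev/null); then
    printf 'stdin:%s\n' "$out"
  else
    printf 'failed:\n'
    return 1
  fi
}

# Demo over the three stand-ins; the last one fails in both steps.
for t in fake_nopass fake_stdin_auth fake_tty_only; do
  run_elevated "$t" hunter2 echo ok || true
done
```

A tool that only prompts on the terminal fails both steps, so the second attempt adds a failed run without ever authenticating.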