wider support for privilege escalation tools

now supporting also pkexec (polkit daemon), suckless' sup and sud.dyne.org pkexec is autodetected when polkit is running manpage documents the --sudo flag which overrides any autodetection
2025-01-22 22:48:24 +00:00 · 2021-10-20 16:27:27 +02:00 · 2021-10-20 16:27:27 +02:00 · e0ba8c5f4d
commit e0ba8c5f4d
parent 90eec3d830
2 changed files with 49 additions and 23 deletions
--- a/doc/tomb.1
+++ b/doc/tomb.1
@ -260,7 +260,8 @@ the \fIsize\fR of the new file to be created. Units are megabytes (MiB).
 .B
 .IP "-g"
 Tell tomb to use a asymmetric GnuPG key encryption instead of a
-symmetric passphrase to protect a tomb key. This option can be followed by \fI-r\fR when the command needs to specify recipient(s).
+symmetric passphrase to protect a tomb key. This option can be
+followed by \fI-r\fR when the command needs to specify recipient(s).
 .B
 .IP "-r \fI<gpg_id>[,<gpg_id2>]\fR"
 Provide a new set of recipient(s) to encrypt a tomb key. \fIgpg_ids\fR
@ -274,6 +275,14 @@ used.  The actual time to wait depends on the CPU speed of the
 computer where the key is used.  Using 5 or 10 is a sane amount for
 modern computers, the value is multiplied by 1 million.
 .B
+.IP "--sudo \fI<executable>\fR"
+Select a different tool than sudo for privilege escalation.
+Alternatives supported so far are: pkexec, doas, sup, sud. For any
+alternative to work the executable must be included in the current
+PATH. Automatic selection of pkexec is made even without using this
+flag in case the executable is found and the polkit daemon is
+running. Manual use of this flag overrides any automatic selection.
+.B
 .IP "--sphx-user \fI<username>\fR"
 Activate the SPHINX feature for password-authenticated key agreement.
 This option indicates the \fI<username>\fR used to retrieve the
@ -368,7 +377,7 @@ command.
 .SH PRIVILEGE ESCALATION

 The tomb commandline tool needs to acquire super user rights to
-execute most of its operations: to do so it uses sudo(8), while
+execute most of its operations: so it uses pkexec(1) or sudo(8), while
 pinentry(1) is adopted to collect passwords from the user. Tomb
 executes as super user only when required.

--- a/59
+++ b/59
@ -45,10 +45,11 @@ typeset -a OLDARGS
 for arg in "${(@)argv}"; do OLDARGS+=("$arg"); done

 # Special command requirements
-typeset -a DD WIPE PINENTRY
+typeset -a DD WIPE PINENTRY SUDO
 DD=(dd)
 WIPE=(rm -f)
 PINENTRY=(pinentry)
+SUDO=(sudo)

 # load zsh regex module
 zmodload zsh/mapfile
@ -112,26 +113,10 @@ export TEXTDOMAIN=tomb

 # Wrap sudo with a more visible message or apply user-supplied alternative to sudo
 _sudo() {
-	if option_is_set --sudo; then
-		case `basename $(option_value --sudo)` in
-			"doas")
-				$(option_value --sudo) ${@}
-				;;
-			 *)
-				_failure "Only doas is supported as sudo alternative"
-				;;
-		esac
-		
-	else
-		local msg="[sudo] Enter password for user ::1 user:: to gain superuser privileges"
-		command -v gettext 1>/dev/null 2>/dev/null && msg="$(gettext -s "$msg")"
-		msg=${(S)msg//::1*::/$USER}
-		sudo -p "
-$msg
-
-" ${@}
-	fi
-	}
+    _message "Enter password for user ::1 user:: to gain superuser privileges" $USER
+    _message "Using ::1 exec:: for privilege escalation" $SUDO
+    ${=SUDO} ${@}
+}

 # Cleanup anything sensitive before exiting.
 _endgame() {
@ -898,6 +883,15 @@ _ensure_dependencies() {
 	# Ensure system binaries are available in the PATH
 	path+=(/sbin /usr/sbin) # zsh magic

+	# use pkexec in place of sudo if found in path and polkitd is running
+	command -v pkexec 1>/dev/null 2>/dev/null
+	[[ $? == 0 ]] && ps ax | grep '[p]olkitd' 1>/dev/null 2>/dev/null && {
+	    SUDO=(pkexec)	}
+	[[ "$SUDO" == "sudo" ]] && {
+	    command -v sudo 1>/dev/null 2>/dev/null ||
+		_failure "No privilege escalation tool found, not even sudo"
+	}
+
 	# Which dd command to use
 	command -v dcfldd 1>/dev/null 2>/dev/null && DD=(dcfldd statusinterval=1)

@ -3260,6 +3254,29 @@ main() {
 	# read -t or --tmp flags to set a custom temporary directory
 	option_is_set --tmp && TMPDIR=$(option_value --tmp)

+	option_is_set --sudo && {
+	    local _opt=`option_value --sudo`
+	    case $_opt in
+		"sudo") # the worst default ever
+		    SUDO=sudo
+		    ;;
+		"doas") # openbsd
+		    SUDO=doas
+		    ;;
+		"pkexec") # policykit
+		    SUDO=pkexec
+		    ;;
+		"sup") # https://sup.dyne.org
+		    SUDO=sup
+		    ;;
+		"sud") # https://sud.dyne.org
+		    SUDO=sud
+		    ;;
+		*)
+		    _failure "Invalid privilege escalation tool: ::1 exec::" $_opt
+		    ;;
+	    esac
+	}

 	# When we run as root, we remember the original uid:gid to set
 	# permissions for the calling user and drop privileges