Llewellyn/Tomb
1
0
Fork 0
mirror of https://github.com/Llewellynvdm/Tomb.git synced 2025-02-08 23:08:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

wider support for privilege escalation tools

Browse Source 
now supporting also pkexec (polkit daemon), suckless' sup and
sud.dyne.org

pkexec is autodetected when polkit is running

manpage documents the --sudo flag which overrides any autodetection
This commit is contained in:
Jaromil 2021-10-20 16:27:27 +02:00
parent 90eec3d830
commit e0ba8c5f4d
2 changed files with 49 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
doc/tomb.1
View File

@ -260,7 +260,8 @@ the \fIsize\fR of the new file to be created. Units are megabytes (MiB).
.B .B
.IP "-g" .IP "-g"
Tell tomb to use a asymmetric GnuPG key encryption instead of a Tell tomb to use a asymmetric GnuPG key encryption instead of a
symmetric passphrase to protect a tomb key. This option can be followed by \fI-r\fR when the command needs to specify recipient(s). symmetric passphrase to protect a tomb key. This option can be
followed by \fI-r\fR when the command needs to specify recipient(s).
.B .B
.IP "-r \fI<gpg_id>[,<gpg_id2>]\fR" .IP "-r \fI<gpg_id>[,<gpg_id2>]\fR"
Provide a new set of recipient(s) to encrypt a tomb key. \fIgpg_ids\fR Provide a new set of recipient(s) to encrypt a tomb key. \fIgpg_ids\fR
@ -274,6 +275,14 @@ used. The actual time to wait depends on the CPU speed of the
computer where the key is used. Using 5 or 10 is a sane amount for computer where the key is used. Using 5 or 10 is a sane amount for
modern computers, the value is multiplied by 1 million. modern computers, the value is multiplied by 1 million.
.B .B
.IP "--sudo \fI<executable>\fR"
Select a different tool than sudo for privilege escalation.
Alternatives supported so far are: pkexec, doas, sup, sud. For any
alternative to work the executable must be included in the current
PATH. Automatic selection of pkexec is made even without using this
flag in case the executable is found and the polkit daemon is
running. Manual use of this flag overrides any automatic selection.
.B
.IP "--sphx-user \fI<username>\fR" .IP "--sphx-user \fI<username>\fR"
Activate the SPHINX feature for password-authenticated key agreement. Activate the SPHINX feature for password-authenticated key agreement.
This option indicates the \fI<username>\fR used to retrieve the This option indicates the \fI<username>\fR used to retrieve the
@ -368,7 +377,7 @@ command.
.SH PRIVILEGE ESCALATION .SH PRIVILEGE ESCALATION
The tomb commandline tool needs to acquire super user rights to The tomb commandline tool needs to acquire super user rights to
execute most of its operations: to do so it uses sudo(8), while execute most of its operations: so it uses pkexec(1) or sudo(8), while
pinentry(1) is adopted to collect passwords from the user. Tomb pinentry(1) is adopted to collect passwords from the user. Tomb
executes as super user only when required. executes as super user only when required.

57
tomb
View File

@ -45,10 +45,11 @@ typeset -a OLDARGS
for arg in "${(@)argv}"; do OLDARGS+=("$arg"); done for arg in "${(@)argv}"; do OLDARGS+=("$arg"); done
# Special command requirements # Special command requirements
typeset -a DD WIPE PINENTRY typeset -a DD WIPE PINENTRY SUDO
DD=(dd) DD=(dd)
WIPE=(rm -f) WIPE=(rm -f)
PINENTRY=(pinentry) PINENTRY=(pinentry)
SUDO=(sudo)
# load zsh regex module # load zsh regex module
zmodload zsh/mapfile zmodload zsh/mapfile
@ -112,25 +113,9 @@ export TEXTDOMAIN=tomb
# Wrap sudo with a more visible message or apply user-supplied alternative to sudo # Wrap sudo with a more visible message or apply user-supplied alternative to sudo
_sudo() { _sudo() {
if option_is_set --sudo; then _message "Enter password for user ::1 user:: to gain superuser privileges" $USER
case `basename $(option_value --sudo)` in _message "Using ::1 exec:: for privilege escalation" $SUDO
"doas") ${=SUDO} ${@}
$(option_value --sudo) ${@}
;;
*)
_failure "Only doas is supported as sudo alternative"
;;
esac
else
local msg="[sudo] Enter password for user ::1 user:: to gain superuser privileges"
command -v gettext 1>/dev/null 2>/dev/null && msg="$(gettext -s "$msg")"
msg=${(S)msg//::1*::/$USER}
sudo -p "
$msg
" ${@}
fi
} }
# Cleanup anything sensitive before exiting. # Cleanup anything sensitive before exiting.
@ -898,6 +883,15 @@ _ensure_dependencies() {
# Ensure system binaries are available in the PATH # Ensure system binaries are available in the PATH
path+=(/sbin /usr/sbin) # zsh magic path+=(/sbin /usr/sbin) # zsh magic
# use pkexec in place of sudo if found in path and polkitd is running
command -v pkexec 1>/dev/null 2>/dev/null
[[ $? == 0 ]] && ps ax | grep '[p]olkitd' 1>/dev/null 2>/dev/null && {
SUDO=(pkexec) }
[[ "$SUDO" == "sudo" ]] && {
command -v sudo 1>/dev/null 2>/dev/null ||
_failure "No privilege escalation tool found, not even sudo"
}
# Which dd command to use # Which dd command to use
command -v dcfldd 1>/dev/null 2>/dev/null && DD=(dcfldd statusinterval=1) command -v dcfldd 1>/dev/null 2>/dev/null && DD=(dcfldd statusinterval=1)
@ -3260,6 +3254,29 @@ main() {
# read -t or --tmp flags to set a custom temporary directory # read -t or --tmp flags to set a custom temporary directory
option_is_set --tmp && TMPDIR=$(option_value --tmp) option_is_set --tmp && TMPDIR=$(option_value --tmp)
option_is_set --sudo && {
local _opt=`option_value --sudo`
case $_opt in
"sudo") # the worst default ever
SUDO=sudo
;;
"doas") # openbsd
SUDO=doas
;;
"pkexec") # policykit
SUDO=pkexec
;;
"sup") # https://sup.dyne.org
SUDO=sup
;;
"sud") # https://sud.dyne.org
SUDO=sud
;;
*)
_failure "Invalid privilege escalation tool: ::1 exec::" $_opt
;;
esac
}
# When we run as root, we remember the original uid:gid to set # When we run as root, we remember the original uid:gid to set
# permissions for the calling user and drop privileges # permissions for the calling user and drop privileges