mirror of
https://github.com/RGBCube/serenity
synced 2025-07-26 12:17:35 +00:00
pls: Drastically simplify this program
Since this program is setuid-root, it should be as simple as possible. To that end, remove `/etc/plsusers` and use filesystem permissions to achieve the same thing. `/bin/pls` is now only executable by `root` or members of the `wheel` group. Also remove all the logic that went to great lengths to `unveil()` a minimal set of filesystem paths that may be used for the command. The complexity-to-benefit ratio did not seem justified, and I think we're better off keeping this simple. Finally, remove pledge promises the moment they are no longer needed.
This commit is contained in:
Andreas Kling
parent
dfd988707c
commit
33f2eeea4a
4 changed files with 43 additions and 184 deletions
|
|
@ -10,8 +10,7 @@ $ pls [command]
|
|||
|
||||
## Description
|
||||
|
||||
Executes a command as the root user (uid and gid 0), given that the user executing `pls` is located in
|
||||
the plsusers file.
|
||||
Executes a command as superuser (UID and GID 0). This command is only available for users in the `wheel` group.
|
||||
|
||||
It is possible to execute commands that contain hyphenated options via the use of `--`, which signifies the
|
||||
end of command options. For example:
|
||||
|
|
@ -20,9 +19,6 @@ end of command options. For example:
|
|||
$ pls -- ls -la
|
||||
```
|
||||
|
||||
## Files
|
||||
/etc/plsusers - List of users that can run `pls`
|
||||
|
||||
## Examples
|
||||
|
||||
```sh
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue