Differences
This shows you the differences between two versions of the page.
Next revision | Previous revision | ||
en:philosophy:sudo_complexity [2022/03/26 20:13] i3_relativism create first draft for this page |
en:philosophy:sudo_complexity [2022/11/03 14:08] (current) throgh [Solution with a strict and lightweight replacement] |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | doas - dedicated openbsd application subexecutor | + | ====== The complexity |
- | Three days of the doas. | + | |
- | I started working on doas quite some time ago after some personal issues | + | Starting |
- | The core of the problem | + | ===== Introduction and basic problem |
- | Writing a small simple replacement meant that we could ship something in base which was totally unsuitable | + | The program <color # |
- | The code was just sitting around in a spare source tree for a while because | + | Documented reports like [[https:// |
- | Talking with deraadt and millert, however, I wasn’t quite alone. | + | There are furthermore issues reported with the default <color # |
- | First, doas needed a new name because nobody ever likes the first name. A few suggestions were made. sux (already taken by su, now with more X. machtfrei (too many letters). powershell (if only). datass (submitted after contest end). | + | ===== Solution |
- | In to cvs it went as doas. Incidentally, | + | Using <color # |
- | + | ||
- | And then the real hacking and chopping could begin. I always thought the most important feature of sudo was that it insulted the user after entering a bad password. Apparently the world is filled with poor typists; the first diff to doas was to add a config option noinsults. Unfortunately, | + | |
- | + | ||
- | Deleting | + | |
- | + | ||
- | The config file syntax is crudely inspired by pf.conf. Instead | + | |
- | + | ||
- | We’ve been contemplating | + | |
- | + | ||
- | Coming full circle, the majority of tweaking and polishing of doas now appears to have returned to refinement of the good environment list and the bad environment list. I have built the thing I hate. At least it’s small. | + | |
- | + | ||
- | The doas code lives in cvs. | + | |
- | + | ||
- | doas was created to run on OpenBSD. I suppose you could port it, but I don’t plan to. Figuring out a replacement for auth_userokay is probably the hard part. | + |