From 392549ddf659fb0c56bd9c0ed7423d749971940e Mon Sep 17 00:00:00 2001 From: "dylan.araps@gmail.com" Date: Mon, 27 Jan 2020 08:06:56 +0000 Subject: kiss: Simpler elevation method FossilOrigin-Name: b2d50c0ace56009ca9fed94d047e4f073acf4a590dda4fa5d81a014a980ca8af --- kiss | 60 ++++++++++++++++++++++++++++++++++-------------------------- 1 file changed, 34 insertions(+), 26 deletions(-) (limited to 'kiss') diff --git a/kiss b/kiss index c353568..2528e3d 100755 --- a/kiss +++ b/kiss @@ -45,6 +45,33 @@ prompt() { read -r _ } +root_cache() { + # This function simply mimics a 'su' prompt to then store + # the user's root password for the lifetime of the package + # manager. + # + # Think of this as the simplest method of "elevating" + # permissions where needed without the endless stream of + # password prompts. + printf 'Password: ' + stty -echo + read -r pass || read -r pass ||: + stty echo + printf '\n' + + # Validate the password now with a simple 'true' command + # as we don't yet need to elevate permissions. + root_run true +} + +root_run() { + # Run a command as root using the cached password. The 'su' + # command allows you to input a password via stdin. To hide + # the prompt, the command's output is sent to '/dev/tty' + # and the output of 'su' is sent to '/dev/null'. + echo "$pass" | su -c "$* >/dev/tty" >/dev/null +} + pkg_lint() { # Check that each mandatory file in the package entry exists. log "$1" "Checking repository files" @@ -880,17 +907,8 @@ pkg_updates() { git fetch git merge else - log "$PWD" "Need root to update" - - if command -v sudo >/dev/null; then - sudo git fetch - sudo git merge - elif command -v doas >/dev/null; then - doas git fetch - doas git merge - else - su -c 'git fetch && git merge' - fi + root_run git fetch + root_run git merge fi } done 
@@ -995,22 +1013,12 @@ args() { [ "$1" ] || die "'kiss $action' requires an argument" ;; - i|install|r|remove) - [ "$1" ] || die "'kiss $action' requires an argument" - - # Rerun the script with 'su' if the user isn't root. - # Cheeky but 'su' can't be used on shell functions themselves. - [ "$(id -u)" = 0 ] || { - if command -v sudo >/dev/null; then - sudo -E KISS_FORCE="$KISS_FORCE" kiss "$action" "$@" - elif command -v doas >/dev/null; then - KISS_FORCE="$KISS_FORCE" doas kiss "$action" "$@" - else - su -pc "KISS_FORCE=$KISS_FORCE kiss $action $*" - fi + i|install|r|remove|u|update) + [ "$1" ] || [ -z "${action##u*}" ] || + die "'kiss $action' requires an argument" - return - } + # Cache the root password for use where needed. + [ "$(id -u)" = 0 ] || root_cache ;; esac -- cgit v1.2.3 From d6a4f64db61b0c87ae9780693ef65a23992c220a Mon Sep 17 00:00:00 2001 From: "dylan.araps@gmail.com" Date: Mon, 27 Jan 2020 08:54:39 +0000 Subject: kiss: Run as root where needed FossilOrigin-Name: 2f32af0db7a320d91bd1e3240d29480abffaaca8066966fbb3e5ffdc5053b100 --- kiss | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) (limited to 'kiss') diff --git a/kiss b/kiss index 2528e3d..47744b7 100755 --- a/kiss +++ b/kiss @@ -61,10 +61,10 @@ root_cache() { # Validate the password now with a simple 'true' command # as we don't yet need to elevate permissions. - root_run true + dosu true } -root_run() { +dosu() { # Run a command as root using the cached password. The 'su' # command allows you to input a password via stdin. To hide # the prompt, the command's output is sent to '/dev/tty' @@ -719,9 +719,9 @@ pkg_remove() { [ "${file##/etc/*}" ] || continue if [ -d "$KISS_ROOT/$file" ]; then - rmdir "$KISS_ROOT/$file" 2>/dev/null || continue + dosu rmdir "$KISS_ROOT/$file" 2>/dev/null || continue else - rm -f "$KISS_ROOT/$file" + dosu rm -f "$KISS_ROOT/$file" fi done < "$sys_db/$1/manifest" 
@@ -797,7 +797,7 @@ pkg_install() { # This is repeated multiple times. Better to make it a function. pkg_rsync() { - rsync --chown=root:root --chmod=Du-s,Dg-s,Do-s \ + dosu rsync --chown=root:root --chmod=Du-s,Dg-s,Do-s \ -WhHKa --no-compress "$1" --exclude /etc \ "$tar_dir/$pkg_name/" "$KISS_ROOT/" } @@ -808,7 +808,7 @@ pkg_install() { # If '/etc/' exists in the package, install it but don't overwrite. [ -d "$tar_dir/$pkg_name/etc" ] && - rsync --chown=root:root -WhHKa --no-compress --ignore-existing \ + dosu rsync --chown=root:root -WhHKa --no-compress --ignore-existing \ "$tar_dir/$pkg_name/etc" "$KISS_ROOT/" # Remove any leftover files if this is an upgrade. @@ -826,18 +826,18 @@ pkg_install() { # Remove files. if [ -f "$file" ] && [ ! -L "$file" ]; then - rm -f "$file" + dosu rm -f "$file" # Remove file symlinks. elif [ -L "$file" ] && [ ! -d "$file" ]; then - unlink "$file" ||: + dosu unlink "$file" ||: # Skip directory symlinks. elif [ -L "$file" ] && [ -d "$file" ]; then : # Remove directories if empty. elif [ -d "$file" ]; then - rmdir "$file" 2>/dev/null ||: + dosu rmdir "$file" 2>/dev/null ||: fi done ||: } @@ -853,7 +853,7 @@ pkg_install() { if [ -x "$sys_db/$pkg_name/post-install" ]; then log "$pkg_name" "Running post-install script" - "$sys_db/$pkg_name/post-install" ||: + dosu "$sys_db/$pkg_name/post-install" ||: fi log "$pkg_name" "Installed successfully" @@ -907,8 +907,8 @@ pkg_updates() { git fetch git merge else - root_run git fetch - root_run git merge + dosu git fetch + dosu git merge fi } done -- cgit v1.2.3 From 8243b4ff11960e4ef79cb31bd55983d031fcd862 Mon Sep 17 00:00:00 2001 From: "dylan.araps@gmail.com" Date: Mon, 27 Jan 2020 09:10:52 +0000 Subject: kiss: fix args i issues FossilOrigin-Name: 3b8bd0855f52c6e130f615f9b66b728999496c6cfa7f177547688f275fca0fd3 --- kiss | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) (limited to 'kiss') diff --git a/kiss b/kiss index 47744b7..731f6e1 100755 --- a/kiss +++ b/kiss 
@@ -65,6 +65,8 @@ root_cache() { } dosu() { + [ "$pass" ] || root_cache + # Run a command as root using the cached password. The 'su' # command allows you to input a password via stdin. To hide # the prompt, the command's output is sent to '/dev/tty' @@ -494,7 +496,9 @@ pkg_build() { # to 'su' to elevate permissions. [ -f "$bin_dir/$pkg#$version-$release.tar.gz" ] && { log "$pkg" "Found pre-built binary, installing" - (KISS_FORCE=1 args i "$bin_dir/$pkg#$version-$release.tar.gz") + + dosu KISS_FORCE=1 \ + kiss i "$bin_dir/$pkg#$version-$release.tar.gz" ||: # Remove the now installed package from the build # list. No better way than using 'sed' in POSIX 'sh'. @@ -581,7 +585,8 @@ pkg_build() { contains "$explicit" "$pkg" && [ -z "$pkg_update" ] && continue log "$pkg" "Needed as a dependency or has an update, installing" - (KISS_FORCE=1 args i "$pkg") + + dosu KISS_FORCE=1 kiss i "$bin_dir/$pkg#$version-$release.tar.gz" ||: done # End here as this was a system update and all packages have been installed. @@ -599,7 +604,7 @@ pkg_build() { log "Install built packages? [$*]" prompt && { - args i "$@" + dosu kiss i "$@" ||: return } } @@ -941,7 +946,7 @@ pkg_updates() { prompt pkg_build kiss - args i kiss + dosu kiss i kiss ||: log "Updated the package manager" log "Re-run 'kiss update' to update your system" @@ -974,6 +979,8 @@ pkg_updates() { pkg_clean() { # Clean up on exit or error. This removes everything related # to the build. + stty echo 2>/dev/null + [ "$KISS_DEBUG" != 1 ] || return # Block 'Ctrl+C' while cache is being cleaned. -- cgit v1.2.3 From 20087a409a02817a9c69dc779de4b74f88e94626 Mon Sep 17 00:00:00 2001 From: "dylan.araps@gmail.com" Date: Mon, 27 Jan 2020 09:16:50 +0000 Subject: kiss: fix args i issues FossilOrigin-Name: 25c2f9011ce334fc0c4a529035c478bfc28ce92ba5d54685c80ee0c2ca527b0b --- kiss | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) (limited to 'kiss') diff --git a/kiss b/kiss index 731f6e1..ce45dc3 100755 --- a/kiss 
+++ b/kiss @@ -497,8 +497,8 @@ pkg_build() { [ -f "$bin_dir/$pkg#$version-$release.tar.gz" ] && { log "$pkg" "Found pre-built binary, installing" - dosu KISS_FORCE=1 \ - kiss i "$bin_dir/$pkg#$version-$release.tar.gz" ||: + KISS_FORCE=1 \ + pkg_install "$bin_dir/$pkg#$version-$release.tar.gz" # Remove the now installed package from the build # list. No better way than using 'sed' in POSIX 'sh'. @@ -586,7 +586,8 @@ pkg_build() { log "$pkg" "Needed as a dependency or has an update, installing" - dosu KISS_FORCE=1 kiss i "$bin_dir/$pkg#$version-$release.tar.gz" ||: + KISS_FORCE=1 \ + pkg_install "$bin_dir/$pkg#$version-$release.tar.gz" done # End here as this was a system update and all packages have been installed. @@ -604,7 +605,7 @@ pkg_build() { log "Install built packages? [$*]" prompt && { - dosu kiss i "$@" ||: + dosu kiss i "$@" return } } @@ -945,8 +946,8 @@ pkg_updates() { prompt - pkg_build kiss - dosu kiss i kiss ||: + pkg_build kiss + pkg_install kiss log "Updated the package manager" log "Re-run 'kiss update' to update your system" -- cgit v1.2.3 From fdc238d49e192f7ed28b43cb6efc98c831ba752a Mon Sep 17 00:00:00 2001 From: "dylan.araps@gmail.com" Date: Mon, 27 Jan 2020 09:19:08 +0000 Subject: kiss: Fix install issues FossilOrigin-Name: 752c6c24aed267a61b6ffd441e455be306a35726344c478a7654dc4f8d3faeb1 --- kiss | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) (limited to 'kiss') diff --git a/kiss b/kiss index ce45dc3..cb6753c 100755 --- a/kiss +++ b/kiss @@ -497,8 +497,8 @@ pkg_build() { [ -f "$bin_dir/$pkg#$version-$release.tar.gz" ] && { log "$pkg" "Found pre-built binary, installing" - KISS_FORCE=1 \ - pkg_install "$bin_dir/$pkg#$version-$release.tar.gz" + (KISS_FORCE=1 \ + pkg_install "$bin_dir/$pkg#$version-$release.tar.gz") # Remove the now installed package from the build # list. No better way than using 'sed' in POSIX 'sh'. 
@@ -586,8 +586,8 @@ pkg_build() { log "$pkg" "Needed as a dependency or has an update, installing" - KISS_FORCE=1 \ - pkg_install "$bin_dir/$pkg#$version-$release.tar.gz" + (KISS_FORCE=1 \ + pkg_install "$bin_dir/$pkg#$version-$release.tar.gz") done # End here as this was a system update and all packages have been installed. @@ -1129,6 +1129,11 @@ args() { } main() { + # Ensure that debug mode is never enabled to + # prevent internal package manager information + # from leaking to stdout. + set +x + # Set the location to the repository and package database. pkg_db=var/db/kiss/installed -- cgit v1.2.3 From 24c33e6ad99fae10f33a2b7dd5c3f4b100f44706 Mon Sep 17 00:00:00 2001 From: "dylan.araps@gmail.com" Date: Mon, 27 Jan 2020 09:24:58 +0000 Subject: kiss: Only cache root on first need FossilOrigin-Name: 6cf67a86f8bcff7c01a162b751a31a81e62f982bc3745da00152211cc9a94c91 --- kiss | 18 +++++------------- 1 file changed, 5 insertions(+), 13 deletions(-) (limited to 'kiss') diff --git a/kiss b/kiss index cb6753c..5107ff7 100755 --- a/kiss +++ b/kiss @@ -54,9 +54,9 @@ root_cache() { # permissions where needed without the endless stream of # password prompts. printf 'Password: ' - stty -echo - read -r pass || read -r pass ||: - stty echo + stty -F /dev/tty -echo + read -r pass /dev/null + stty -F /dev/tty echo 2>/dev/null [ "$KISS_DEBUG" != 1 ] || return @@ -1017,17 +1017,9 @@ args() { # Parse some arguments earlier to remove the need to duplicate code. case $action in - c|checksum|s|search) + c|checksum|s|search|i|install|r|remove) [ "$1" ] || die "'kiss $action' requires an argument" ;; - - i|install|r|remove|u|update) - [ "$1" ] || [ -z "${action##u*}" ] || - die "'kiss $action' requires an argument" - - # Cache the root password for use where needed. - [ "$(id -u)" = 0 ] || root_cache - ;; esac # Actions can be abbreviated to their first letter. This saves -- cgit v1.2.3 From f9aaeeeb9be8e1a35fc5680496167385b2b09083 Mon Sep 17 00:00:00 2001 
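Review bot: The comment added above `set +x` in main() says trace output would leak to stdout, but the shell writes xtrace output to standard error, so the comment names the wrong stream. Since this script later holds a root password in a shell variable, the comment should say what is actually being protected, e.g. `# Disable xtrace: it would print internal state (including cached credentials) to stderr.` The call only covers commands that run after main() starts. If the file executes anything at top level before that, it is still traced under `sh -x`. main()'s body continues outside the hunk.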
From: "dylan.araps@gmail.com" Date: Mon, 27 Jan 2020 09:29:19 +0000 Subject: kiss: drop root when running git if needed FossilOrigin-Name: 57c3fa1303c7b309078eb8dae6cfb33ea15ad89d50be873c185934cc5eb3cc8e --- kiss | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'kiss') diff --git a/kiss b/kiss index 5107ff7..aa094a3 100755 --- a/kiss +++ b/kiss @@ -71,7 +71,7 @@ dosu() { # command allows you to input a password via stdin. To hide # the prompt, the command's output is sent to '/dev/tty' # and the output of 'su' is sent to '/dev/null'. - echo "$pass" | su -c "$* >/dev/tty" >/dev/null + echo "$pass" | su "${drop_to:-root}" -c "$* >/dev/tty" >/dev/null } pkg_lint() { @@ -912,9 +912,16 @@ pkg_updates() { if [ -w "$PWD" ]; then git fetch git merge + else + log "$PWD" "Need root to update" + + # Find out the owner of the repository and spawn + # git as this user below. + (drop_to=$(stat -c %U "$PWD") + dosu git fetch - dosu git merge + dosu git merge) fi } done -- cgit v1.2.3 From 1ed6a15a801de9dc46c0f99d1decfb05de6c27f2 Mon Sep 17 00:00:00 2001 From: "dylan.araps@gmail.com" Date: Mon, 27 Jan 2020 09:32:16 +0000 Subject: kiss: remove calling itself FossilOrigin-Name: fdc4b20e7ce0c40137b27e2fef3f17ba385234fbcc5a64923410261d887fb8d2 --- kiss | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'kiss') diff --git a/kiss b/kiss index aa094a3..07c4dca 100755 --- a/kiss +++ b/kiss @@ -605,7 +605,7 @@ pkg_build() { log "Install built packages? [$*]" prompt && { - dosu kiss i "$@" + args i "$@" return } } -- cgit v1.2.3 From bc9688e0a6f424f903565bd75e94cbaa774c5675 Mon Sep 17 00:00:00 2001 From: "dylan.araps@gmail.com" Date: Mon, 27 Jan 2020 09:34:36 +0000 Subject: kiss: use heredoc FossilOrigin-Name: ff4dae791fbafc7fdb82e74413360e0b3deaa57cf8e42874151e0ab896939dd8 --- .editorconfig | 7 +++++++ kiss | 4 +++- 2 files changed, 10 insertions(+), 1 deletion(-) create mode 100644 .editorconfig (limited to 'kiss') 
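Review bot: In the pkg_updates() hunk, `dosu` now runs with `drop_to` set to the repository owner, but dosu still feeds the cached root password to `su "${drop_to:-root}"`. A standard `su` invoked by a non-root user authenticates against the target account, so when the owner is a third user the fetch fails. The root password has then also been submitted to an authentication attempt for a different account. Elevating to root first and dropping from there avoids both problems, since root can `su` to the owner without a password. That means keeping dosu on `su root` and calling something like `owner=$(stat -c %U "$PWD")` followed by `dosu su "$owner" -c "'git fetch && git merge'"`. Both dosu and pkg_updates() start and end outside these hunks.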
diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 0000000..7b8413b --- /dev/null +++ b/.editorconfig @@ -0,0 +1,7 @@ +root = true + +# Force GitHub to display tabs +# mixed with [4] spaces properly. +[kiss] +indent_style = tab +indent_size = 4 diff --git a/kiss b/kiss index 07c4dca..bd95417 100755 --- a/kiss +++ b/kiss @@ -71,7 +71,9 @@ dosu() { # command allows you to input a password via stdin. To hide # the prompt, the command's output is sent to '/dev/tty' # and the output of 'su' is sent to '/dev/null'. - echo "$pass" | su "${drop_to:-root}" -c "$* >/dev/tty" >/dev/null + su "${drop_to:-root}" -c "$* >/dev/tty" <<-EOF >/dev/null + $pass + EOF } pkg_lint() { -- cgit v1.2.3 From 4ef971c0e4f55ced71a17432705093c09d05fc04 Mon Sep 17 00:00:00 2001 From: "dylan.araps@gmail.com" Date: Mon, 27 Jan 2020 11:42:28 +0000 Subject: kiss: prompt for password before multi-build FossilOrigin-Name: 29d537a5ad6bcb9116c64918af7a8a3e2b36732d009ded8541296d3a8d921570 --- kiss | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'kiss') diff --git a/kiss b/kiss index bd95417..7d49ca7 100755 --- a/kiss +++ b/kiss @@ -479,7 +479,11 @@ pkg_build() { log "Building: $*" # Only ask for confirmation if more than one package needs to be built. - [ $# -gt 1 ] || [ "$pkg_update" ] && prompt + [ $# -gt 1 ] || [ "$pkg_update" ] && { + prompt + + [ "$pass" ] || root_cache + } log "Checking to see if any dependencies have already been built" log "Installing any pre-built dependencies" -- cgit v1.2.3 From baaad2f31826c78c9858b19075644998a4ba94d0 Mon Sep 17 00:00:00 2001 From: "dylan.araps@gmail.com" Date: Mon, 27 Jan 2020 11:49:41 +0000 Subject: kiss: don't run as root FossilOrigin-Name: 22e3e5f5ec1228fbe99e39d09aa34a23f833d3e33a1a415661aa326b5372cc20 --- kiss | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'kiss') diff --git a/kiss b/kiss index 7d49ca7..8303bae 100755 --- a/kiss +++ b/kiss 
@@ -1139,6 +1139,10 @@ main() { # from leaking to stdout. set +x + # Prevent the package manager from running as root. The package + # manager will elevate permissions where needed. + [ "$(id -u)" != 0 ] || die "kiss must be run as a normal user" + # Set the location to the repository and package database. pkg_db=var/db/kiss/installed -- cgit v1.2.3 From 06cb73aff474a1258ef28aa81fa92020c45e47fe Mon Sep 17 00:00:00 2001 From: "dylan.araps@gmail.com" Date: Mon, 27 Jan 2020 20:18:20 +0000 Subject: docs: update FossilOrigin-Name: 4a7d42865ea6e168cb79846323e1a210b6d89f9c7814f1efc77f701f1963c7ef --- kiss | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'kiss') diff --git a/kiss b/kiss index 8303bae..13283d9 100755 --- a/kiss +++ b/kiss @@ -61,7 +61,7 @@ root_cache() { # Validate the password now with a simple 'true' command # as we don't yet need to elevate permissions. - dosu true + dosu /bin/true } dosu() { -- cgit v1.2.3 From 3d3eb22bea63898d945796d9b6f926f36de92c43 Mon Sep 17 00:00:00 2001 From: "dylan.araps@gmail.com" Date: Mon, 27 Jan 2020 21:26:19 +0000 Subject: kiss: Add comments FossilOrigin-Name: 74c80c4c5f375f8f7f327cbb9f3fd182067a7849ab92e27dc100a09ea9113798 --- kiss | 91 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 80 insertions(+), 11 deletions(-) (limited to 'kiss') diff --git a/kiss b/kiss index 13283d9..3f1aef1 100755 --- a/kiss +++ b/kiss 
@@ -47,33 +47,98 @@ prompt() { root_cache() { # This function simply mimics a 'su' prompt to then store - # the user's root password for the lifetime of the package - # manager. + # the root password for the lifetime of the package manager. # - # Think of this as the simplest method of "elevating" - # permissions where needed without the endless stream of - # password prompts. + # This function is called once when needed to cache the + # password. The password is not accessible to any subprocesses + # and should never leave the package manager's process. + # + # This behavior is needed as there is no POSIX shell method + # of running a shell function as a different user. We can't + # selectively lower or raise permissions in a seamless way + # through "normal" means. + # + # Root is only needed when installing/removing packages whereas + # non-root permissions are needed in countless places throughout. + # + # This is the only *workable* solution to 1) not run the entire + # package manager as root and 2) avoid prompting for password + # before, during and after builds numerous times. + # + # NOTE: Careful consideration has been taken in regards to this + # change and I would have loved an inconspicuous solution + # to this problem... but it doesn't exist. + # + # This change was needed as the existing behavior was not ideal + # in any way and needed to be fixed. printf 'Password: ' + + # Disable echoing to the terminal while the password is inputted + # by the user. The below commands read from '/dev/tty' to ensure + # they work when run from a subshell. stty -F /dev/tty -echo - read -r pass /dev/tty" <<-EOF >/dev/null - $pass - EOF + dosudo() { su "${drop_to:-root}" -c "$* >/dev/tty" >/dev/null; } + + # The code below uses the most secure method of sending + # data over stdin based on what is available in the system. + # + # The great debate: Use a heredoc or echo+pipe for password + # input over stdin? Time to explain. 
+ # + # 1) 'printf | cmd' is the most secure IF 'printf' is built + # into the shell and NOT an external command. When 'printf' + # is external, the password WILL be leaked over '/proc'. + # + # Safe shells here are anything with a builtin 'printf', + # 'ash', 'dash', 'bash' and most other shells. + # + # 2) Using a heredoc is as secure as the above method (when + # builtin) IF and only IF the user's shell implements + # heredocs WITHOUT the use of temporary files (See bash!). + # + # When using heredocs and a temporary file the risk is a + # tiny window in which the input is available inside of + # a temporary file. + # + # 'ash' and 'dash' are safe here, 'bash' is not ('bash' + # falls under (1) however). + # + # Which is best? (order is best to worst) + # + # 1) builtin 'printf'. + # 2) heredocs with no temporary file. + # 3) heredocs with a temporary file. + # + # This code below follows the above ordering when deciding + # which method to use. The '$heredocs' variable is declared + # in 'main()' after a check to see if 'printf' is builtin. + if [ "$heredocs" ]; then + dosudo "$@" <<-EOF + $pass + EOF + else + printf '%s\n' "$pass" | dosudo "$@" + fi } pkg_lint() { @@ -1143,6 +1208,10 @@ main() { # manager will elevate permissions where needed. [ "$(id -u)" != 0 ] || die "kiss must be run as a normal user" + # Use the most secure method of sending data over stdin based on + # whether or not the 'printf' command is built into the shell. + [ "$(command -v printf)" = printf ] || heredocs=1 + # Set the location to the repository and package database. pkg_db=var/db/kiss/installed -- cgit v1.2.3 From 2f002b1400b747d1348746a1033d62d7a1207da1 Mon Sep 17 00:00:00 2001 From: "dylan.araps@gmail.com" Date: Mon, 27 Jan 2020 21:27:34 +0000 Subject: docs: update FossilOrigin-Name: f056c5fcec4918f0348bf86910aaa36453e7d83860e6dfbdc0679f09308bd0c7 --- kiss | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'kiss') 
diff --git a/kiss b/kiss index 3f1aef1..acd1582 100755 --- a/kiss +++ b/kiss @@ -1199,9 +1199,8 @@ args() { } main() { - # Ensure that debug mode is never enabled to - # prevent internal package manager information - # from leaking to stdout. + # Ensure that debug mode is never enabled to prevent internal + # package manager information from leaking to stdout. set +x # Prevent the package manager from running as root. The package -- cgit v1.2.3 From 38cc93f53096d38cc02f2b83e5635ff8903e2ce3 Mon Sep 17 00:00:00 2001 From: "dylan.araps@gmail.com" Date: Mon, 27 Jan 2020 21:33:30 +0000 Subject: kiss: Don't use pass where unneeded FossilOrigin-Name: 9f3d7e2705c6164090445ebac7a8aad808a7b9c877df12fcb0347d60ace48b85 --- kiss | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'kiss') diff --git a/kiss b/kiss index acd1582..dd3b6bd 100755 --- a/kiss +++ b/kiss @@ -84,11 +84,11 @@ root_cache() { # Validate the password now with a simple 'true' command as we # don't yet need to elevate permissions. - dosu /bin/true + dosu /bin/true && have_pw=1 } dosu() { - [ "$pass" ] || root_cache + [ "$have_pw" ] || root_cache # Declare this as a function to avoid repeating it twice # below. Great naming of functions all around. @@ -547,7 +547,7 @@ pkg_build() { [ $# -gt 1 ] || [ "$pkg_update" ] && { prompt - [ "$pass" ] || root_cache + [ "$have_pw" ] || root_cache } log "Checking to see if any dependencies have already been built" -- cgit v1.2.3 From 94cf07d24bb9e47b5fe48ac8145464b37c205148 Mon Sep 17 00:00:00 2001 From: "dylan.araps@gmail.com" Date: Mon, 27 Jan 2020 21:36:50 +0000 Subject: kiss: comment FossilOrigin-Name: b4fd8ba4cc83a0cf450310464a1e2c19825486bcae7d484f3ad9169fd120dff5 --- kiss | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'kiss') diff --git a/kiss b/kiss index dd3b6bd..fbd2ccb 100755 --- a/kiss +++ b/kiss 
@@ -84,6 +84,10 @@ root_cache() { # Validate the password now with a simple 'true' command as we # don't yet need to elevate permissions. + # + # Rather than checking if the '$pass' variable is non-empty, + # use an additional variable. The '[' command can be external + # which would result in '/proc' leakage. dosu /bin/true && have_pw=1 } -- cgit v1.2.3 From 68c7ab7473f68cbae78010ba1335541deb85154d Mon Sep 17 00:00:00 2001 From: "dylan.araps@gmail.com" Date: Mon, 27 Jan 2020 21:46:26 +0000 Subject: kiss: fix cache FossilOrigin-Name: 6865e6737fb8182ed991e7faa7ee7c3d11df8d1570207f89abe69f0732a18fa4 --- kiss | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) (limited to 'kiss') diff --git a/kiss b/kiss index fbd2ccb..dc33b8a 100755 --- a/kiss +++ b/kiss @@ -77,22 +77,18 @@ root_cache() { # by the user. The below commands read from '/dev/tty' to ensure # they work when run from a subshell. stty -F /dev/tty -echo - read -r pass < /dev/tty ||: + read -r pass < /dev/tty && cached=1 stty -F /dev/tty echo printf '\n' # Validate the password now with a simple 'true' command as we # don't yet need to elevate permissions. - # - # Rather than checking if the '$pass' variable is non-empty, - # use an additional variable. The '[' command can be external - # which would result in '/proc' leakage. - dosu /bin/true && have_pw=1 + dosu /bin/true } dosu() { - [ "$have_pw" ] || root_cache + [ "$cached" ] || root_cache # Declare this as a function to avoid repeating it twice # below. Great naming of functions all around. @@ -551,7 +547,7 @@ pkg_build() { [ $# -gt 1 ] || [ "$pkg_update" ] && { prompt - [ "$have_pw" ] || root_cache + [ "$cached" ] || root_cache } log "Checking to see if any dependencies have already been built" -- cgit v1.2.3 From b404e0f2d04d7343da102380862ffa78b829e49c Mon Sep 17 00:00:00 2001 
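Review bot: In root_cache(), `cached=1` is set as soon as `read` succeeds, before `dosu /bin/true` has checked the password, so a mistyped password is cached and never asked for again. Every later `dosu` call then fails with su's output sent to /dev/null. Several call sites elsewhere in this series end in `||:`, so an install or removal may log success with its privileged steps skipped. The cache should be cleared when validation fails, e.g. `dosu /bin/true || { cached=; pass=; die "su: authentication failed"; }`. Whether the script already aborts at this point under `set -e` is not visible in the hunk.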
From: "dylan.araps@gmail.com" Date: Mon, 27 Jan 2020 21:51:31 +0000 Subject: kiss: comment FossilOrigin-Name: ef01e7bc315600cc66246410bd2957ccc690ed66eb4285ab694ed47a48f8e17d --- kiss | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'kiss') diff --git a/kiss b/kiss index dc33b8a..db2f13f 100755 --- a/kiss +++ b/kiss @@ -76,6 +76,10 @@ root_cache() { # Disable echoing to the terminal while the password is inputted # by the user. The below commands read from '/dev/tty' to ensure # they work when run from a subshell. + # + # The variable '$cached' is used to check if we've been here + # before. We cannot check whether or not '$pass' is empty as the + # '[' command may be external which would result in /proc leakage. stty -F /dev/tty -echo read -r pass < /dev/tty && cached=1 stty -F /dev/tty echo -- cgit v1.2.3 From 609ac8178e6695c2ac834fcf8bbd61cef0901d78 Mon Sep 17 00:00:00 2001 From: "dylan.araps@gmail.com" Date: Mon, 27 Jan 2020 21:53:36 +0000 Subject: kiss: comment FossilOrigin-Name: 17ac0a28193e0de82b31838b5666eb3dcff3b702dd717de276da0288df4473e5 --- kiss | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'kiss') diff --git a/kiss b/kiss index db2f13f..0243004 100755 --- a/kiss +++ b/kiss @@ -551,6 +551,10 @@ pkg_build() { [ $# -gt 1 ] || [ "$pkg_update" ] && { prompt + # Prompt for password prior to the build if more than one package + # will be built and installed. No use in forcing the user to wait + # for the first password prompt (before caching) if it may take a + # long long while. [ "$cached" ] || root_cache } -- cgit v1.2.3 From 0a590f0e38c126825912405045d9b2b12d6c44c9 Mon Sep 17 00:00:00 2001 From: "dylan.araps@gmail.com" Date: Mon, 27 Jan 2020 21:58:07 +0000 Subject: kiss: comment FossilOrigin-Name: 12302afda42af41497ea4025597c8786a17eb6b89f01959826aa5403f1557799 --- kiss | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'kiss') diff --git a/kiss b/kiss index 0243004..7db2fd4 100755 --- a/kiss +++ b/kiss 
@@ -997,6 +997,10 @@ pkg_updates() { # Find out the owner of the repository and spawn # git as this user below. + # + # This prevents 'git' from changing the original + # ownership of files and directories in the rare + # case that the repository is owned by a 3rd user. (drop_to=$(stat -c %U "$PWD") dosu git fetch -- cgit v1.2.3 From 0906940147719272b6881a8b66e528665644d283 Mon Sep 17 00:00:00 2001 From: "dylan.araps@gmail.com" Date: Mon, 27 Jan 2020 22:10:08 +0000 Subject: kiss: Ensure all arguments sent to dosu are quoted FossilOrigin-Name: 00aa2010d48a143dc45b32e1c813cc6eb976f8ef3d5aa205eddd186ee0e0f1ed --- kiss | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'kiss') diff --git a/kiss b/kiss index 7db2fd4..3b7de2e 100755 --- a/kiss +++ b/kiss @@ -804,9 +804,9 @@ pkg_remove() { [ "${file##/etc/*}" ] || continue if [ -d "$KISS_ROOT/$file" ]; then - dosu rmdir "$KISS_ROOT/$file" 2>/dev/null || continue + dosu rmdir "'$KISS_ROOT/$file'" 2>/dev/null || continue else - dosu rm -f "$KISS_ROOT/$file" + dosu rm -f "'$KISS_ROOT/$file'" fi done < "$sys_db/$1/manifest" @@ -884,7 +884,7 @@ pkg_install() { pkg_rsync() { dosu rsync --chown=root:root --chmod=Du-s,Dg-s,Do-s \ -WhHKa --no-compress "$1" --exclude /etc \ - "$tar_dir/$pkg_name/" "$KISS_ROOT/" + "'$tar_dir/$pkg_name/'" "'$KISS_ROOT/'" } # Install the package by using 'rsync' and overwrite any existing files @@ -894,7 +894,7 @@ pkg_install() { # If '/etc/' exists in the package, install it but don't overwrite. [ -d "$tar_dir/$pkg_name/etc" ] && dosu rsync --chown=root:root -WhHKa --no-compress --ignore-existing \ - "$tar_dir/$pkg_name/etc" "$KISS_ROOT/" + "'$tar_dir/$pkg_name/etc'" "'$KISS_ROOT/'" # Remove any leftover files if this is an upgrade. [ "$old_manifest" ] && { 
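Review bot: Wrapping each path in literal single quotes (`"'$KISS_ROOT/$file'"` in pkg_remove(), and the same pattern in the pkg_rsync, /etc rsync, leftover-file and post-install hunks of this commit) does not hold when the path itself contains a single quote. The quoting then ends early and the rest of the name is parsed as shell syntax by the shell that `su -c` starts as root. These paths are read from a package's manifest and unpacked tree, so their contents are chosen by the package rather than by kiss. Escape embedded quotes before the string reaches `su -c`, using one helper shared by every call site, as sketched below. Arguments that stay unquoted, such as `"$1"` in pkg_rsync, are still word-split and globbed by that root shell.

```shell
# Print "$1" wrapped in single quotes for re-parsing by the shell that
# 'su -c' starts; an embedded single quote is written as '\''.
# Uses only parameter expansion, so the value never reaches an
# external command's argument list.
shquote() {
    rest=$1 out=
    while :; do
        case $rest in
            *\'*) out="$out${rest%%\'*}'\\''" rest=${rest#*\'} ;;
            *)    out="$out$rest"; break ;;
        esac
    done
    printf "'%s'" "$out"
}

# pkg_remove(), inside the manifest loop:
dosu rm -f "$(shquote "$KISS_ROOT/$file")"
# … same substitution at the rmdir, rsync, unlink and post-install call sites …
```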
@@ -911,18 +911,18 @@ pkg_install() { # Remove files. if [ -f "$file" ] && [ ! -L "$file" ]; then - dosu rm -f "$file" + dosu rm -f "'$file'" # Remove file symlinks. elif [ -L "$file" ] && [ ! -d "$file" ]; then - dosu unlink "$file" ||: + dosu unlink "'$file'" ||: # Skip directory symlinks. elif [ -L "$file" ] && [ -d "$file" ]; then : # Remove directories if empty. elif [ -d "$file" ]; then - dosu rmdir "$file" 2>/dev/null ||: + dosu rmdir "'$file'" 2>/dev/null ||: fi done ||: } @@ -938,7 +938,7 @@ pkg_install() { if [ -x "$sys_db/$pkg_name/post-install" ]; then log "$pkg_name" "Running post-install script" - dosu "$sys_db/$pkg_name/post-install" ||: + dosu "'$sys_db/$pkg_name/post-install'" ||: fi log "$pkg_name" "Installed successfully" -- cgit v1.2.3 From 0d576c7eccc8183e72b675b18a49d6b5c40f5e83 Mon Sep 17 00:00:00 2001 From: "dylan.araps@gmail.com" Date: Mon, 27 Jan 2020 22:41:09 +0000 Subject: kiss: read empty IFS FossilOrigin-Name: 42cb7f49f2b9c6870ef75a7fb22376fddedbedb9dc387299911f9741d26abfe7 --- kiss | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'kiss') diff --git a/kiss b/kiss index 3b7de2e..28b0161 100755 --- a/kiss +++ b/kiss @@ -81,7 +81,7 @@ root_cache() { # before. We cannot check whether or not '$pass' is empty as the # '[' command may be external which would result in /proc leakage. stty -F /dev/tty -echo - read -r pass < /dev/tty && cached=1 + IFS= read -r pass < /dev/tty && cached=1 stty -F /dev/tty echo printf '\n' -- cgit v1.2.3