[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Verify validity of sudoers file when reconfiguring system.

From: Ludovic Courtès
Subject: Re: Verify validity of sudoers file when reconfiguring system.
Date: Mon, 24 Aug 2020 23:29:21 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)

Hi pkill9,

pkill9 <> skribis:

> Last time I tested, the sudoers file could be changed to anything in
> the guix system configuration, whether it's valid or not. This could
> result in someone being locked out of their system when root doesn't
> have a password, and they rely on sudo. Ideally, `guix system
> reconfigure` would fail if the specified sudoers file is invalid.
> I ran `visudo --help` and there are two flags that could be used for
> this: --check, which simply parses the sudoers file and checks that
> it's valid, and --file, which specifies which file to check.

Thanks a lot for the suggestion!  Commit
384377632c41c5c42e32889f4a239223aaae1ca9 implements exactly that.
Apparently ‘visudo --check’ doesn’t check whether the user/groups
mentioned exist though, so this kind of error could still occur.

The better fix would be to define record types or similar for the
sudoers list so we can better sanitize it.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]