VMAuth qubes-rpc policy for sudo prompts for target VM #3270

tasket · Nov 2, 2017

Qubes OS version:

R4.0rc2

Affected TemplateVMs:

all

Steps to reproduce the behavior:

Configure system for sudo prompting:

https://www.qubes-os.org/doc/vm-sudo/

Then run a 'sudo' command in a guest CLI

Expected behavior:

User gets a dom0 prompt asking only Yes/No (defaults to Yes so user can hit Enter)

Actual behavior:

User gets a dom0 prompt for inputting the name of a target VM

General notes:

This adds a level of potential confusion over auth prompts. There should be a way to specify in the policy whether or not user is prompted for a destination/target.

Related issues:

Indeed instruction should be updated, to include "ask,default_target=dom0" in policy.

…

-- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing?

marmarek · Nov 2, 2017

Indeed instruction should be updated, to include "ask,default_target=dom0" in policy.

…

-- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing?

On 11/02/17 12:11, Marek Marczykowski-Górecki wrote: Indeed instruction should be updated, to include "ask,default_target=dom0" in policy.

Would this cause a problem for R3.2, or would it ignore the extra parameter?

…

-- Chris Laprise, tasket@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886

tasket · Nov 2, 2017

On 11/02/17 12:11, Marek Marczykowski-Górecki wrote: Indeed instruction should be updated, to include "ask,default_target=dom0" in policy.

Would this cause a problem for R3.2, or would it ignore the extra parameter?

…

-- Chris Laprise, tasket@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886

On Thu, Nov 02, 2017 at 04:23:17PM +0000, tasket wrote: On 11/02/17 12:11, Marek Marczykowski-Górecki wrote: > Indeed instruction should be updated, to include > "ask,default_target=dom0" in policy. > Would this cause a problem for R3.2, or would it ignore the extra parameter?

It should work (ignore extra parameters).

…

-- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing?

marmarek · Nov 2, 2017

On Thu, Nov 02, 2017 at 04:23:17PM +0000, tasket wrote: On 11/02/17 12:11, Marek Marczykowski-Górecki wrote: > Indeed instruction should be updated, to include > "ask,default_target=dom0" in policy. > Would this cause a problem for R3.2, or would it ignore the extra parameter?

It should work (ignore extra parameters).

…

-- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing?

PR QubesOS/qubes-doc#510

tasket · Jan 10, 2018

PR QubesOS/qubes-doc#510

Thanks @tasket !

marmarek · Jan 19, 2018

Thanks @tasket !

andrewdavidwong added C: doc task labels Nov 2, 2017

andrewdavidwong added this to the Documentation/website milestone Nov 2, 2017

tasket referenced this issue in QubesOS/qubes-doc Jan 10, 2018
Merged
Add policy parameter for R4.0 #510

marmarek closed this Jan 19, 2018

QubesOS/qubes-issues

VMAuth qubes-rpc policy for sudo prompts for target VM #3270

tasket commented Nov 2, 2017

This comment has been minimized.

marmarek commented Nov 2, 2017

This comment has been minimized.

tasket commented Nov 2, 2017

This comment has been minimized.

marmarek commented Nov 2, 2017

andrewdavidwong added C: doc task labels Nov 2, 2017

andrewdavidwong added this to the Documentation/website milestone Nov 2, 2017

tasket referenced this issue in QubesOS/qubes-doc Jan 10, 2018

Add policy parameter for R4.0 #510

This comment has been minimized.

tasket commented Jan 10, 2018

This comment has been minimized.

marmarek commented Jan 19, 2018

marmarek closed this Jan 19, 2018

QubesOS/qubes-issues

Join GitHub today

VMAuth qubes-rpc policy for sudo prompts for target VM #3270

Comments

tasket commented Nov 2, 2017

Qubes OS version:

Affected TemplateVMs:

Steps to reproduce the behavior:

Expected behavior:

Actual behavior:

General notes:

Related issues:

This comment has been minimized.

marmarek Nov 2, 2017

marmarek commented Nov 2, 2017

This comment has been minimized.

tasket Nov 2, 2017

tasket commented Nov 2, 2017

This comment has been minimized.

marmarek Nov 2, 2017

marmarek commented Nov 2, 2017

andrewdavidwong added C: doc task labels Nov 2, 2017

andrewdavidwong added this to the Documentation/website milestone Nov 2, 2017

tasket referenced this issue in QubesOS/qubes-doc Jan 10, 2018

Add policy parameter for R4.0 #510

This comment has been minimized.

tasket Jan 10, 2018

tasket commented Jan 10, 2018

This comment has been minimized.

marmarek Jan 19, 2018

marmarek commented Jan 19, 2018

marmarek closed this Jan 19, 2018