/doas

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

doas always works, even with wrong password #2

Closed
slicer69 opened this Issue Jun 24, 2016 · 1 comment

Comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
1 participant
@slicer69
@slicer69
Owner

slicer69 commented Jun 24, 2016

I have found that the latest snapshot of doas always succeeds for any permitted user in the doas.conf file, even when the wrong password has been provided. This means any user listed with "permit" in the doas file can run any command granted to them, even if they provide the wrong password.

@t6 t6 referenced this issue Jun 24, 2016

Closed

Password prompt goes to stdout #3

@slicer69

This comment has been minimized.

Show comment
Hide comment
@slicer69

slicer69 Jun 24, 2016

Owner

Fixed in latest commit.
Owner

slicer69 commented Jun 24, 2016

Fixed in latest commit.

@slicer69 slicer69 closed this Jun 24, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment