New package: please-0.3.17 #27037
New package: please-0.3.17 #27037
Conversation
edneville
force-pushed
the
master
branch
3 times, most recently
from
0df9464
to
30f3c6d
Compare
Good question. There hasn't been a formal security review. Maybe that is something for the future. Were you offering to sponsor? If so I would be willing to work with you on that. Thanks for reviewing, I think the template looks cleaner based on your review. I hope the alterations are good now so I've resolved those conversations. Reopen if there are more changes are required. |
Sorry, no :/ I was considering how inclusion into the distro would work, given that we have a responsibility for what we ship; and a sudo-like utility is a prime target. |
|
On 2020-12-09 11:29-0800, Érico Nogueira Rolim wrote:
> Were you offering to sponsor? If so I would be willing to work with you on that.
Sorry, no :/
I was considering how inclusion into the distro would work, given that
we have a responsibility for what we ship; and a sudo-like utility is
a prime target.
I understand your concern, there are two sides to this. Most distro
users understand regex, at least from grep/sed/rewriterule, (something
even in powershell) but few understand sudoers EBNF rules. Yes, it is
new, but the long term goal provides a good way to reliably delegate
access.
It will be good if it gets included, I think people will like it.
What were your thoughts?
|
Yes, there's something to be said for providing simpler security tools that can greatly increase the general security, due to being simpler to deploy. At the same time, we still have to minimally ensure that these tools don't introduce new holes. Since you're introducing a new tool into the field, the burden of proof for that is mostly on you. If I don't merge this new package, not much changes, and people who really want it can install it from elsewhere. If we do merge this package and someone finds an exploit or issue with it, then we (Void) share the responsibility for the number of affected people, since including it in our repository counts as vetting it. |
|
Note that Void has opendoas, based on a similar tool in OpenBSD's src. Secondly, there seems to already be a similar, older tool called please, packaged in FreeBSD, which can be a source of confusion for everyone. This project is called |
This is a good attitude, and one that makes me confident in Void for the same reasons that I like Debian.
The codebase is particularly small if that helps reduce concerns over attack surface, really Rust's Regex is doing the heavy lifting here.
I've looked at doas, which, for similar reasons to this project desired a smaller code base than sudo.
I used 'please' in as I thought that if someone wanted a sandwich they should ask 'please' first :) As I'm now aware of prior naming I'll update the project name where it isn't already 'pleaser'. I was aware of 'doas' but not that FreeBSD had a tool named 'please' too, I suppose it came from similar thinking. Importantly for this project, neither doas or gblach's please have regex command matching. doas is more limited than 'sudo' in that you cannot specify a range either, but if someone uses wildcards in a sudo argument without negations afterwards will likely suffer unfairly. This effort is to improve things, hopefully with a small codebase there will be fewer pains all round. |
edneville
force-pushed
the
master
branch
3 times, most recently
from
9d6c3f0
to
4ae814f
Compare
|
@ericonr, is this ready to merge now? |
|
I don't feel comfortable merging this myself (unless the situation around a review has changed?), and no other Void maintainer has stepped up to do it. Configuring such a tool using regex feels like a new enough paradigm (to me, at least), that beyond the implementation issues, there are probably new pitfalls to discover. For the reasons listed above, I will be closing this issue, to avoid giving the impression that some behind the scenes movement is happening in regards to it. Thanks for your interest in Void! |
Adding please, a simple regex-first sudo alternative in safe rust