From: sthen <sthen@openbsd.org>
Date: Thu, 4 Feb 2021 22:12:03 +0000 (+0000)
Subject: remove the suggestion to permit pkg_add with doas "nopass" when doing
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=420983479ddfa7f2eb13d13185fa3590c2fcfd81;p=openbsd

remove the suggestion to permit pkg_add with doas "nopass" when doing
ports dev work.

if you are able to run pkg_add as root without a password, your account
is root-equivalent.

typing the password multiple times is a pain but if somebody is going to
choose to weaken their local security in this way, it should be their
own decision and not something they have read in a manpage.

ok tb@ thfr@
---

diff --git a/share/man/man5/bsd.port.mk.5 b/share/man/man5/bsd.port.mk.5
index 93ee5bd9fbb..41c13cd4674 100644
--- a/share/man/man5/bsd.port.mk.5
+++ b/share/man/man5/bsd.port.mk.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: bsd.port.mk.5,v 1.536 2021/01/10 22:30:29 kn Exp $
+.\" $OpenBSD: bsd.port.mk.5,v 1.537 2021/02/04 22:12:03 sthen Exp $
 .\"
 .\" Copyright (c) 2000-2008 Marc Espie
 .\"
@@ -24,7 +24,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: January 10 2021 $
+.Dd $Mdocdate: February 4 2021 $
 .Dt BSD.PORT.MK 5
 .Os
 .Sh NAME
@@ -2598,31 +2598,23 @@ permit keepenv nopass solene as _pbuild
 permit keepenv nopass solene as _pfetch
 .Ed
 .Pp
+It is reasonably safe to allow your user id to run commands as the
+.Ev BUILD_USER
+or
+.Ev FETCH_USER
+and using
+.Ic nopass
+for these can save a lot of password entry, however it is inadvisable
+to allow commands like
+.Xr pkg_add 1
+to run as root without a password.
+.Pp
 Note that this also means that
 .Xr doas 1
 must be configured to work within the chroot
 created by
 .Xr proot 1 .
 .Pp
-If the regular user is not allowed to run privileged commands
-without entering a password,
-you may want these additional rules in
-.Xr doas.conf 5 ,
-to reduce the amount of times the password needs to be entered
-during ports work:
-.Bd -literal -offset indent
-permit nopass                   solene cmd /usr/bin/touch
-permit nopass setenv { \\
-       TRUSTED_PKG_PATH TERM }  solene cmd /usr/sbin/pkg_add
-permit nopass setenv { \\
-       TERM }                   solene cmd /usr/sbin/pkg_delete
-.Ed
-.Pp
-Also, in such a situation,
-the regular user will still need to enter their password when
-.Xr update-plist 1
-is invoked.
-.Pp
 As
 .Xr dpb 1
 does its own privilege dropping when run as root,