33f2eeea4a
Since this program is setuid-root, it should be as simple as possible. To that end, remove `/etc/plsusers` and use filesystem permissions to achieve the same thing. `/bin/pls` is now only executable by `root` or members of the `wheel` group. Also remove all the logic that went to great lengths to `unveil()` a minimal set of filesystem paths that may be used for the command. The complexity-to-benefit ratio did not seem justified, and I think we're better off keeping this simple. Finally, remove pledge promises the moment they are no longer needed.
485 B
485 B
Name
pls - Execute a command as root
Synopsis
$ pls [command]
Description
Executes a command as superuser (UID and GID 0). This command is only available for users in the wheel group.
It is possible to execute commands that contain hyphenated options via the use of --, which signifies the
end of command options. For example:
$ pls -- ls -la
Examples
$ pls whoami
Password:
root
$
$ pls sh
Password:
# whoami
root
#