sudo with password support #210
Comments
This might get quite cumbersome and brittle. Many of the commands k0sctl runs already read input from stdin. I'm not sure if there is a reliable way to split this into a stdin for sudo and a stdin for the command itself.
Yeah, I also wonder if we could perhaps have another command decorator (similar to sudo) that would handle that for us on the remote side? Maybe someone has some better ideas how to make it work reliably?
Looking for sudo prompts would require analyzing all output (different locales and distros may make this very difficult to do reliably) and maybe buffering/gatekeeping stdin input. And it's slightly suspicious security-wise to send the sudo password to any command that renders output that looks like a sudo prompt. Perhaps the best option would be to spawn a sudo shell after connect that would then be used as the launcher for all subsequent commands; this is possible by returning a
Yeah, that's true. I went with the route of doing a new provider with a decorator and calling it good on my end. Thanks a lot for the help so far.

```go
import (
	"fmt"

	"github.com/alessio/shellescape" // import path assumed; only shellescape.Quote is used

	// import paths for rig's own packages assumed
	"github.com/k0sproject/rig/v2/cmd"
	"github.com/k0sproject/rig/v2/plumbing"
	"github.com/k0sproject/rig/v2/sudo"
)

// NewSudoProviderWithPass creates a new sudo provider configured with a sudo password.
// ErrNoSudo is the error the provider returns when no registered factory matches
// (declared elsewhere; not shown here).
func NewSudoProviderWithPass(password string) *sudo.Provider {
	provider := plumbing.NewProvider[cmd.Runner, cmd.Runner](ErrNoSudo)
	provider.Register(func(c cmd.Runner) (cmd.Runner, bool) {
		// Windows hosts have no sudo; decline so the provider falls through.
		if c.IsWindows() {
			return nil, false
		}
		// Every command sent through this executor is rewritten by SudoPass first.
		decorator := func(command string) string {
			return SudoPass(command, password)
		}
		return cmd.NewExecutor(c, decorator), true
	})
	return provider
}

// SudoPass is a DecorateFunc that will wrap the given command in a sudo call.
// The password is interpolated into the command line and piped into sudo -S.
func SudoPass(command string, pass string) string {
	return fmt.Sprintf(`echo %s | sudo -S -- "${SHELL-sh}" -c %s`, shellescape.Quote(pass), shellescape.Quote(command))
}
```

and then `rig.WithSudoProvider(sudo.NewSudoProviderWithPass(hostConfig.SudoPassword))`.
That will leak the password and make it visible via /proc to all users (if /proc isn't mounted with hidepid>0). You really need to pass the password via stdin.
Yes, I point to that in my comment as well.
The thing is that we currently do it in a similar way, so it doesn't change the security posture much (and we use it on a single-user system 99.99% of the time, so it fits within our risks). I would like to point out that I wouldn't say this is a good way to do this in rig.
I have never seen a real-world case where an administrator would prefer a password input over strict (heavy whitelisting) passwordless sudo.
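As an added example (not code from this thread or from rig), here is what the stdin route suggested above looks like, alongside the stdin-splitting worry from the first comments: the remote argv carries no password, so it is not readable from /proc/<pid>/cmdline or ps, and the password line is prepended to the command's own stdin so that sudo -S consumes the first line and the wrapped command reads the rest. The -k flag is there because sudo only reads a password when it actually needs one; with a cached ticket or a NOPASSWD rule the password line would otherwise be delivered to the command, which is exactly the kind of unreliability the thread is worried about. quote is a minimal stand-in for shellescape.Quote, RunSplitDemo uses a sh one-liner as a stand-in for sudo -S so the stream split can be exercised without root, and the password, command and YAML input are constructed samples.

```go
package main

import (
	"bytes"
	"fmt"
	"io"
	"os"
	"os/exec"
	"strings"
)

// quote wraps s in single quotes for a POSIX shell (stand-in for shellescape.Quote,
// so this example has no dependencies).
func quote(s string) string {
	return "'" + strings.ReplaceAll(s, "'", `'\''`) + "'"
}

// SudoArgv is the argv the remote host sees for running command under a
// password-prompting sudo. The password is not part of it, so it cannot be
// recovered from /proc/<pid>/cmdline or ps.
//   -S     read the password from stdin
//   -p ''  empty prompt, so no prompt text lands in the output stream
//   -k     ignore cached credentials, so sudo always asks and therefore always
//          consumes the first stdin line; with a valid ticket or a NOPASSWD
//          rule it would not read, and the password line would reach the command
func SudoArgv(command string) []string {
	return []string{"sudo", "-S", "-k", "-p", "", "--", "sh", "-c", command}
}

// ShellLine renders argv as one line for a remote shell, the shape a rig
// DecorateFunc has to return.
func ShellLine(argv []string) string {
	quoted := make([]string, len(argv))
	for i, a := range argv {
		quoted[i] = quote(a)
	}
	return strings.Join(quoted, " ")
}

// SudoStdin builds the single stdin stream: the password line first (consumed
// by sudo -S), then whatever the wrapped command itself expects to read.
func SudoStdin(password string, commandInput io.Reader) io.Reader {
	return io.MultiReader(strings.NewReader(password+"\n"), commandInput)
}

// RunSplitDemo exercises the stream split locally without sudo: a sh stand-in
// reads exactly one line the way sudo -S does, then the "command" (cat) gets
// the rest. It returns what the command saw on its stdin.
func RunSplitDemo(password, commandInput string) (string, error) {
	standIn := exec.Command("sh", "-c", `IFS= read -r pw; cat`)
	standIn.Stdin = SudoStdin(password, strings.NewReader(commandInput))
	var out bytes.Buffer
	standIn.Stdout = &out
	if err := standIn.Run(); err != nil {
		return "", err
	}
	return out.String(), nil
}

func main() {
	const password = "hunter2" // constructed sample, not a real credential
	const command = "cat > /etc/k0s/k0s.yaml"

	// The form from the thread puts the password into the shell's argv.
	leaky := fmt.Sprintf(`echo %s | sudo -S -- sh -c %s`, quote(password), quote(command))
	safe := ShellLine(SudoArgv(command))
	fmt.Println("echo form, password visible in argv :", strings.Contains(leaky, password))
	fmt.Println("stdin form, password visible in argv:", strings.Contains(safe, password))
	fmt.Println(safe)

	// Constructed sample of input the wrapped command itself reads.
	got, err := RunSplitDemo(password, "spec:\n  api:\n    address: 10.0.0.1\n")
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	fmt.Printf("command received %q\n", got)
}
```

The caller wires SudoStdin into the SSH session's stdin in place of the command's original input; the only thing the decorator has to change is the command string, which is what makes this fit rig's existing DecorateFunc shape. The approach still depends on sudo reading exactly one line, which is why -k is not optional here.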
Split up from a closed/related issue for better tracking. I do plan to attempt an implementation of this.
Originally posted by @kaplan-michael in #195 (comment)