From now on we will bump the minor version for feature additions, and
the patch version will signify smaller changes.
As we removed the libbsd dependency, I'd like to publish this version.
rdo now supports taking a group name instead of only allowing a single
user.
This also completely removes the user option, as it isn't necessary
anymore with groups support.
Previously, we used a for loop to rearrange argv to omit the first
argument, the rdo call itself.
It's way smarter to just dereference the first argv argument, and use it
as an argv pointer, to achieve the same result.
This error occurs when the user we try to hash the password for doesn't
have a password, as seen in #8.
We now mention this, to avoid future confusion.
getpwnam() does not populate errno when the user simply doesn't exist,
making err() print "Success" as the error.
We now check for errno == 0, and print a different error message for it.
Previously, the password would not be cleared after we hashed it with
crypt(), which lead to the password staying in memory for the duration
of program runtime.
This was only really an issue for incorrect passwords, as execve()
purges our memory anyway, but attackers could use an incorrect but
mostly correct password for privilege escalation.
Due to this being a security issue, this commit also introduces rdo
version 1.3.
Fixes#7
This is by far the heaviest feature of rdo, justifying
its own file for its 140loc.
It creates sessions, inspired by the way doas does it.
We use the /run/rdo temporary folder to store files in the
format of /run/rdo/pid-ts, pid being the PID of the process
that executed rdo, and ts being the timestamp at which said
process started.
As no 2 processes can have the exact same PID and startup time
(startup time is measured in the milliseconds), this seems secure.
Closes#4.
