Merge pull request #43 from mcdope/issue-39-remote-sudo-password-bypa…

…ss-via-vim #39: remote sudo password bypass via vim Back when we fixed #8 we introduced a sideeffect, allowing sudo bypass if connected to remote host as userX when userX has his already configured media connected. This changes the default value for the then introduced option unknown_pts_as_local to false to fix this. Closes #39
mcdope · Feb 12, 2021 · c6fde1b · c6fde1b
2 parents 7d62260 + f7d83d9
commit c6fde1b
Show file tree

Hide file tree

Showing 4 changed files with 3 additions and 75 deletions.
diff --git a/doc/CONFIGURATION b/doc/CONFIGURATION
@@ -42,7 +42,7 @@ The syntax is the following:
 | `color_log`            | Boolean | `true`              | Enable colored output                                            |
 | `one_time_pad`         | Boolean | `true`              | Enable the use of one time device-associated pad files           |
 | `deny_remote`          | Boolean | `true`              | Deny access from remote host (SSH)                               |
-| `unknown_pts_as_local` | Boolean | `true`              | Assume sessions from pseudo terminals to be local if not in utmp |
+| `unknown_pts_as_local` | Boolean | `false`             | Assume sessions from pseudo terminals to be local if not in utmp |
 | `probe_timeout`        | Time    | `10s`               | Time to wait for the volume to be detected                       |
 | `pad_expiration`       | Time    | `1h`                | Time between pad file regeneration                               |
 | `hostname`             | String  | Computer's hostname | Must be unique accross computers using the same device           |

diff --git a/doc/examples/pam_usb.conf b/doc/examples/pam_usb.conf
diff --git a/doc/pam_usb.conf b/doc/pam_usb.conf
@@ -8,7 +8,7 @@ See http://www.pamusb.org/doc/configuring
 				<!-- Example:
 						<option name="debug">true</option>
 						<option name="deny_remote">true</option>
-						<option name="unknown_pts_as_local">true</option>
+						<option name="unknown_pts_as_local">false</option>
 				-->
 		</defaults>
 

diff --git a/src/conf.c b/src/conf.c
@@ -150,7 +150,7 @@ int pusb_conf_init(t_pusb_options *opts)
 	opts->one_time_pad = 1;
 	opts->pad_expiration = 3600;
 	opts->deny_remote = 1;
-	opts->unknown_pts_as_local = 1;
+	opts->unknown_pts_as_local = 0;
 	return (1);
 }