wrope - extend a wrapped environment to an op escalated process
wrope -P pid [-C config] [-f file] [-g group] [-R root] [-u user]
mnemonic program euid:egid cred_type:cred
This jacket allows access from an escalated shell to the client's
wrapper diversions. It does this by creating a wrapw(1) diversion that
multiplexes the existing diversion stack under a single domain socket,
then chowns that socket to the escalated login (and group).
The escalated process is provided with the diversion tableau from the
new instance of wrapw. Since the wrapw process runs as the client
login, in a different session, it is unlikely that the escalated login
can suborn it.
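The socket hand-off described above, as an added sketch in C (not wrope's own source): it expands a template of the form "/tmp/wropeXXXXXX/wp0" with mkdtemp(3), binds a domain socket there, and chowns only the socket to the target login and group. The function name make_handoff_socket, the 0711 directory mode and the 0660 socket mode are assumptions made for the illustration.

```c
#define _DEFAULT_SOURCE                 /* for mkdtemp(3) on glibc */
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>

/* Hypothetical helper (not wrope's source).  tmpl is a writable template
 * such as "/tmp/wropeXXXXXX/wp0"; on success it holds the real socket path
 * and the listening descriptor is returned, otherwise -1. */
int make_handoff_socket(char *tmpl, uid_t uid, gid_t gid)
{
	struct sockaddr_un sa;
	char *slash = strrchr(tmpl, '/');
	int fd = -1;

	if (slash == NULL || slash == tmpl || strlen(tmpl) >= sizeof(sa.sun_path))
		return -1;
	*slash = '\0';                  /* mkdtemp(3) needs the X's at the end */
	if (mkdtemp(tmpl) == NULL) {    /* unique directory, created mode 0700 */
		*slash = '/';
		return -1;
	}
	/* Assumption: search-only access lets the other login reach the socket
	 * while the directory stays owned by the creator. */
	if (chmod(tmpl, 0711) == -1)
		goto fail;
	*slash = '/';
	memset(&sa, 0, sizeof(sa));
	sa.sun_family = AF_UNIX;
	strcpy(sa.sun_path, tmpl);      /* length checked above */
	if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1)
		goto fail;
	if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) == -1 || listen(fd, 5) == -1)
		goto fail;
	/* Restrict the socket itself to the escalated login and group. */
	if (chmod(tmpl, 0660) == -1 || chown(tmpl, uid, gid) == -1)
		goto fail;
	return fd;
fail:
	if (fd != -1)
		close(fd);
	*slash = '/';
	unlink(tmpl);                   /* harmless if bind never happened */
	*slash = '\0';
	rmdir(tmpl);
	*slash = '/';
	return -1;
}
```

Because the directory stays owned by the creating login, the login that receives the socket can connect to it but cannot unlink or replace it.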
Since this program must manage the running diversion process as well as
the escalated process, it must be specified as a jacket (rather than a
This program takes all the op provided options, but actually doesn't
look at any of them (other than -P). It does sanity check them, just
Like any jacket, most of the configuration is passed from op via the
A template to generate (with mkdtemp(3) and mktemp(3)) a unique
location for the new diversion socket. The default is
"/tmp/wropeXXXXXX/wp0". That mocks the location wrapw would use
enough that new diversions that nest under wrapw will still
The standard reveal logic, see op-jacket(7).
All of these are deleted from each wrapw's environment: $IFS, $CDPATH,
$ENV, $BASH_ENV to prevent perl(1) from refusing to run any commands.
There is no way in the jacket to set them for wrapw.
Ancestral instances of wrapw may know the value of other environment
variables, e.g. those not provided to the escalated environment. For
example, the original $PATH might be recovered with:
wrapw -1 -WR - |tr '\000' '\n' |grep "^PATH="
This does depend on an existing wrapw diversion in-play before op was
executed, which usually means you coded a script to make that happen.
These are examples from the command line:
Output only the version of the program, then exit.
Output a summary of the environment expected.
All of these are snips from the op access.cf file. Note that you must
allow any referenced environment variables into the escalated
environment, and it is a really good idea to include a $PATH.
$TERM $TERMCAP $PERP=$l
This is the most common spell to run this jacket. It allows all
well-formed wrapper variables to be passed to the jacket, which
replaces them with the mappings from wrapw. This gives the
escalated process access to all in-scope diversions.
$TERM $TERMCAP $PERP=$l
Allow only diversions for wrappers we know through to the
escalated process. To cut off access to the original environment,
don't include any instances of wrapw.
It might be possible to trick a wrapper into doing something
unexpected, but I've never had a problem with that.
K S Braunsdorf, from the Non-Player Character Guild
op at-not-a-spammer ksb dot npcguild.org.nopinks
op(1l), op-jacket(7l), wrapw(1l), ptbw(1l), xclate(1l), proxy-
agent(7l), hxmd(8l), chown(2)