{"id":13411445,"url":"https://github.com/atalii/adage","last_synced_at":"2025-03-14T17:30:52.861Z","repository":{"id":157099207,"uuid":"629319598","full_name":"atalii/adage","owner":"atalii","description":"ada privilege escalation","archived":false,"fork":false,"pushed_at":"2024-04-05T18:37:27.000Z","size":139,"stargazers_count":4,"open_issues_count":1,"forks_count":0,"subscribers_count":1,"default_branch":"dev","last_synced_at":"2024-04-14T10:17:31.617Z","etag":null,"topics":["ada","security","spark","sudo"],"latest_commit_sha":null,"homepage":"","language":"Ada","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/atalii.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-04-18T04:37:55.000Z","updated_at":"2024-05-03T02:52:45.915Z","dependencies_parsed_at":"2024-03-24T01:31:49.820Z","dependency_job_id":"eab9d911-58f9-461c-98f4-a59154b282e0","html_url":"https://github.com/atalii/adage","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/atalii%2Fadage","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/atalii%2Fadage/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/atalii%2Fadage/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/atalii%2Fadage/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/atalii","download_url":"https://codeload.github.com/atalii/adage/tar.gz/refs/heads/dev","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243618632,"owners_count":20320268,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ada","security","spark","sudo"],"created_at":"2024-07-30T20:01:13.743Z","updated_at":"2025-03-14T17:30:52.489Z","avatar_url":"https://github.com/atalii.png","language":"Ada","funding_links":[],"categories":["Applications"],"sub_categories":["Misc"],"readme":"# adage\n\nada group and user escalation\n\n\u003e Hopefully this goes without saying, but don't install random SUID binaries\n\u003e off the internet. Don't install this on any machine unless you\n\u003e *really* know what you're doing.\n\n```sh\n# run a command as root\n$ adg systemctl list-units\n[output snipped]\n# or as any other user, in this case, the nas user\n$ adg @nas ls /media/nas\n[output snipped]\n```\n\n## Overview\n\nAdage is a nimble alternative to doas and sudo meant to be simple, safe,\nproven, and secure. This simplicity is in usage, configuration, and\nfunction: Adage does as little as it can get away with.\n\n## Usage\n\nInstall [alire](https://alire.ada.dev/). Then, run `alr build`. Alternatively,\nadage is coming maybe some day to a package manager near you.\n\n```\nadg [@user] [cmd...]\n```\n\n## Configuration\n\nYou probably want this configuration in `/etc/adage.conf`:\n\n```\n# Permit users of the wheel group to escalate to root.\npermit g!wheel as root\n\n# If you want to give your own user absolute power with no password, add\n# this line, too. It's convenient, but carries with it the obvious\n# implications.\npermit u!your-user as *: nopasswd\n```\n\nIf this isn't the config you want, see `adage.conf(5)`.\n\n\n## Status\n\nAdage is unstable, unaudited, and developed on the villainous schedule of my\nfree time. That said, here's what I'm looking to add or vaguely considering:\n\n+ Comprehensive logging. Errors and escalations should be reported to the\n  syslog, or, if no socket is accessible, `/var/log`.\n\n+ Persisted authentication. Both doas and sudo allow authentication to persist\n  for a bit so that password prompts don't become too annoying. This probably\n  represents a nice security/annoyance compromise, and would be good to support.\n\n+ Configuration validation and escalation dry runs. Should be self-explanatory,\n  would be a nice QoL feature. (Validation implemented in fff516, dry runs\n  still TODO.)\n\n+ PAM. Loading C dynlibs and asking them nicely to authenticate a user isn't a\n  great strategy, but it is the current standard. Support with some sandboxing\n  may have some utility, but I'm not etnhusiastic about it.\n\n+ More verification. Right now, components are fairly well-coupled, making it\n  hard to extract pure functions to verify. As a result, Adage is maybe a bit\n  too light on SPARK.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fatalii%2Fadage","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fatalii%2Fadage","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fatalii%2Fadage/lists"}