Date: Fri, 16 Aug 2019 13:45:28 +0000 From: Kai Knoblich <kai@freefall.freebsd.org> To: Kirill Ponomarev <kp@krion.cc> Cc: Kai Knoblich <kai@freebsd.org>, ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: Re: svn commit: r508097 - in head/security/doas: . files Message-ID: <20190816134528.GA8129@freefall.freebsd.org> In-Reply-To: <20190816081802.GA4823@krion.cc> References: <201908041543.x74FhRXW063540@repo.freebsd.org> <20190816081802.GA4823@krion.cc>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Aug 16, 2019 at 10:18:02AM +0200, Kirill Ponomarev wrote: > On 08/04, Kai Knoblich wrote: > > Author: kai > > Date: Sun Aug 4 15:43:27 2019 > > New Revision: 508097 > > URL: https://svnweb.freebsd.org/changeset/ports/508097 > > > > Log: > > security/doas: Update to 6.1 > > > > * Update the pkg-message to give users that install/upgrade the port some > > info about the changed behavior regarding the environment variables. [1] > > > > * Make the configuration of target user's sanitized $PATH that is set at > > compile time more flexible by enabling users to configure it via > > _GLOBAL_PATH. [2] > > > > * Also pet portlint/portclippy by placing USES to the top of the USES block > > and remove the superfluous occurence of GH_PROJECT while I'm here. > > > > Changelog: > > > > * Most environment variables are no longer copied to the target user's > > environment. This avoids corrupting files through use of $HOME, for > > example. > > > > When environment variables are required, keepenv can be set in the > > doas.conf file. > > It seems keepenv is completely ignored in conf file. Can you > investigate it? I assume you're speaking about the HOME, PATH, USER, etc. variables that will be reset even if keepenv is set? If so, those variables need to be passed along to the target user environment via setenv. A line like below in doas.conf should work: permit setenv { PATH HOME } someuser For the case if the whole environment is also required: permit keepenv setenv { PATH HOME } someuser This might be also helpful: I've committed in r509055 an update for the VuXML entry of security/doas that contains now a reference to OpenBSD's tech mailinglist where the issues and the new behavior of the program are explained in a nutshell. [1] -- Cheers Kai [1] https://marc.info/?l=openbsd-tech&m=156105665713340&w=2
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20190816134528.GA8129>