From owner-svn-ports-head@freebsd.org Fri Aug 16 13:45:28 2019
Date: Fri, 16 Aug 2019 13:45:28 +0000
From: Kai Knoblich
To: Kirill Ponomarev
Cc: Kai Knoblich, ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: Re: svn commit: r508097 - in head/security/doas: . files
Message-ID: <20190816134528.GA8129@freefall.freebsd.org>
References: <201908041543.x74FhRXW063540@repo.freebsd.org> <20190816081802.GA4823@krion.cc>
In-Reply-To: <20190816081802.GA4823@krion.cc>

On Fri, Aug 16, 2019 at 10:18:02AM +0200, Kirill Ponomarev wrote:
> On 08/04, Kai Knoblich wrote:
> > Author: kai
> > Date: Sun Aug 4 15:43:27 2019
> > New Revision: 508097
> > URL: https://svnweb.freebsd.org/changeset/ports/508097
> >
> > Log:
> >   security/doas: Update to 6.1
> >
> >   * Update the pkg-message to give users that install/upgrade the port some
> >     info about the changed behavior regarding the environment variables. [1]
> >
> >   * Make the configuration of target user's sanitized $PATH that is set at
> >     compile time more flexible by enabling users to configure it via
> >     _GLOBAL_PATH. [2]
> >
> >   * Also pet portlint/portclippy by placing USES to the top of the USES block
> >     and remove the superfluous occurrence of GH_PROJECT while I'm here.
> >
> >   Changelog:
> >
> >   * Most environment variables are no longer copied to the target user's
> >     environment. This avoids corrupting files through use of $HOME, for
> >     example.
> >
> >     When environment variables are required, keepenv can be set in the
> >     doas.conf file.
>
> It seems keepenv is completely ignored in conf file. Can you
> investigate it?

I assume you're speaking about the HOME, PATH, USER, etc. variables that will be reset even if keepenv is set? If so, those variables need to be passed along to the target user environment via setenv.

A line like below in doas.conf should work:

  permit setenv { PATH HOME } someuser

For the case if the whole environment is also required:

  permit keepenv setenv { PATH HOME } someuser

This might be also helpful: I've committed in r509055 an update for the VuXML entry of security/doas that contains now a reference to OpenBSD's tech mailing list where the issues and the new behavior of the program are explained in a nutshell. [1]

--
Cheers
Kai

[1] https://marc.info/?l=openbsd-tech&m=156105665713340&w=2
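
Added example, not part of the message above and not code from the doas port: a small audit that reports which doas.conf rules rely on keepenv without passing the variables the reply names (HOME, PATH, USER) through setenv, so those rules can be reviewed after upgrading to 6.1. The sample configuration is constructed, the function names are hypothetical, and the reply's "etc." is deliberately not expanded into further variable names.

```python
import re

# Variables the reply names as reset even when keepenv is set.
RESET_VARS = ("HOME", "PATH", "USER")

# Constructed sample doas.conf; only the rule shapes follow the message.
SAMPLE_CONF = """\
# constructed sample
permit keepenv alice
permit keepenv setenv { PATH HOME } bob
permit setenv { PATH HOME USER } carol
permit nopass keepenv setenv { PATH=/usr/local/bin:/usr/bin HOME } :wheel
deny dave
"""

SETENV_RE = re.compile(r"\bsetenv\s*\{([^}]*)\}")

def setenv_names(rule):
    """Names a rule passes or sets via setenv { ... }.
    Simplification: quoted values containing spaces are not handled."""
    m = SETENV_RE.search(rule)
    names = set()
    for item in (m.group(1).split() if m else []):
        if item.startswith("-"):        # -NAME removes a variable
            continue
        names.add(item.split("=", 1)[0])  # NAME or NAME=value
    return names

def audit(conf_text, wanted=RESET_VARS):
    """Return [(line_number, [missing names])] for permit rules that use
    keepenv but do not list every wanted variable in setenv."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        rule = raw.split("#", 1)[0].strip()
        if not rule.startswith("permit"):
            continue
        tokens = SETENV_RE.sub(" ", rule).split()
        if "cmd" in tokens:             # ignore words in the command part
            tokens = tokens[:tokens.index("cmd")]
        if "keepenv" not in tokens:
            continue
        passed = setenv_names(rule)
        missing = [v for v in wanted if v not in passed]
        if missing:
            findings.append((lineno, missing))
    return findings

if __name__ == "__main__":
    for lineno, missing in audit(SAMPLE_CONF):
        print(f"line {lineno}: keepenv without setenv for {', '.join(missing)}")
```

A variable reported as missing is not necessarily a mistake: it means the command will see the target user's value rather than the caller's, which is the behavior the changelog describes.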