Date: Tue, 01 Jun 2021 14:20:33 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 256233] security/doas: target user's login class gets ignored Message-ID: <bug-256233-7788-BRLbkucLYi@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-256233-7788@https.bugs.freebsd.org/bugzilla/> References: <bug-256233-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D256233 --- Comment #7 from jsmith@resonatingmedia.com --- I think preserving LANG probably makes sense, keeping the original caller's language settings. This probably got overlooked before since (as you pointed out) OpenBSD doesn't define LANG in login.conf and I never have LANG set on= my FreeBSD machine. So it wasn't addressed originally in the code and it would= n't have come up when I was porting. I'll look at preserving LANG, like HOME and and SHELL, as a special variabl= e. Off the top of my head, I don't think LANG can be used to do much harm. Technically, I suppose, there is a way to mess with something in another person's home directory using LANG, but if we have doas access to someone else's HOME then there are easier ways to cause mayhem. The PATH is hard coded on all platforms of the port at compile time. I think originally OpenBSD's version hard coded the PATH right in a header file and= it wasn't changeable at build time without patching the code. (I may be mistak= en, but that is how I think it was set up.) Since each platform might use a slightly different default PATH this was edited to allow easier build-time changes. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-256233-7788-BRLbkucLYi>