author | 2019-06-17 16:01:26 +0000 | |
---|---|---|
committer | 2019-06-17 16:01:26 +0000 | |
commit | 1aab56edd3ab8f289193825383a6ddcf75a105e3 (patch) | |
tree | fd336455ecf19302b2efad16171f375c1b3fd5f0 | |
parent | It's enough to allocate the EC key once. (diff) | |
always reset the "su" variables, which is more consistent and predictable.
ok martijn millert
-rw-r--r-- | usr.bin/doas/doas.conf.5 | 12 | ||||
-rw-r--r-- | usr.bin/doas/env.c | 26 |
2 files changed, 22 insertions, 16 deletions
diff --git a/usr.bin/doas/doas.conf.5 b/usr.bin/doas/doas.conf.5
index e2aadebe246..d96000437bd 100644
--- a/usr.bin/doas/doas.conf.5
+++ b/usr.bin/doas/doas.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: doas.conf.5,v 1.36 2019/06/16 18:16:34 tedu Exp $
+.\" $OpenBSD: doas.conf.5,v 1.37 2019/06/17 16:01:26 tedu Exp $
 .\"
 .\"Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
 .\"
@@ -13,7 +13,7 @@
 .\"WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 .\"ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\"OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.Dd $Mdocdate: June 16 2019 $
+.Dd $Mdocdate: June 17 2019 $
 .Dt DOAS.CONF 5
 .Os
 .Sh NAME
@@ -54,6 +54,14 @@ The default is to reset the environment, except for the variables
 .Ev DISPLAY
 and
 .Ev TERM .
+The variables
+.Ev HOME ,
+.Ev LOGNAME ,
+.Ev PATH ,
+.Ev SHELL ,
+and
+.Ev USER
+are always reset.
 .It Ic setenv { Oo Ar variable ... Oc Oo Ar variable=value ... Oc Ic }
 In addition to the variables mentioned above, keep the space-separated specified
 variables.
diff --git a/usr.bin/doas/env.c b/usr.bin/doas/env.c
index 3cb7fd76247..7e419b8924f 100644
--- a/usr.bin/doas/env.c
+++ b/usr.bin/doas/env.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: env.c,v 1.7 2019/06/16 18:16:34 tedu Exp $ */
+/* $OpenBSD: env.c,v 1.8 2019/06/17 16:01:26 tedu Exp $ */
 /*
 * Copyright (c) 2016 Ted Unangst <tedu@openbsd.org>
 *
@@ -85,6 +85,10 @@ static struct env *
 createenv(const struct rule *rule, const struct passwd *mypw,
 const struct passwd *targpw)
 {
+ static const char *copyset[] = {
+ "DISPLAY", "TERM",
+ NULL
+ };
 struct env *env;
 u_int i;
@@ -95,6 +99,13 @@ createenv(const struct rule *rule, const struct passwd *mypw,
 env->count = 0;
 addnode(env, "DOAS_USER", mypw->pw_name);
+ addnode(env, "HOME", targpw->pw_dir);
+ addnode(env, "LOGNAME", targpw->pw_name);
+ addnode(env, "PATH", getenv("PATH"));
+ addnode(env, "SHELL", targpw->pw_shell);
+ addnode(env, "USER", targpw->pw_name);
+
+ fillenv(env, copyset);
 if (rule->options & KEEPENV) {
 extern const char **environ;
@@ -124,19 +135,6 @@ createenv(const struct rule *rule, const struct passwd *mypw,
 env->count++;
 }
 }
- } else {
- static const char *copyset[] = {
- "DISPLAY", "TERM",
- NULL
- };
-
- addnode(env, "HOME", targpw->pw_dir);
- addnode(env, "LOGNAME", targpw->pw_name);
- addnode(env, "PATH", getenv("PATH"));
- addnode(env, "SHELL", targpw->pw_shell);
- addnode(env, "USER", targpw->pw_name);
-
- fillenv(env, copyset);
 }
 return env; |
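Review bot: `addnode(env, "PATH", getenv("PATH"));` now runs for every rule, including `keepenv`, and passes the `getenv()` result straight through, so a caller with `PATH` unset hands `addnode` a NULL value; `addnode` is defined outside this hunk, so whether it tolerates NULL cannot be confirmed here. A guard such as `const char *path = getenv("PATH");` followed by `if (path != NULL) addnode(env, "PATH", path);` would make that case explicit. The same line takes PATH from the invoking process's environment rather than from the target account, while the doas.conf.5 text added in this commit lists PATH among the variables that "are always reset"; if PATH is sanitised before createenv() is called, a comment saying so belongs here, otherwise the manual wording should be narrowed. Under `keepenv` the target-user values only win if the `environ` loop that follows ignores names already inserted, which is not visible in this hunk, so a comment such as `/* set first so the keepenv copy below cannot override them */` is worth adding if that is the intent. createenv's body starts and ends outside the hunk.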