diff options
| author |   ajacoutot <ajacoutot@openbsd.org> | 2012-08-13 10:10:07 +0000 |
|---|---|---|
| committer | ajacoutot <ajacoutot@openbsd.org> | 2012-08-13 10:10:07 +0000 |
| commit | 7c5d9cc329169723b14c9cf8b6836fa5b4d45d59 (patch) | |
| tree | e6cb4523c73687299bf1683a9943a745ef8830eb | |
| parent | Set the daemon_class as readonly as it should be (and is documented as (diff) | |
| download | wireguard-openbsd-7c5d9cc329169723b14c9cf8b6836fa5b4d45d59.tar.xz wireguard-openbsd-7c5d9cc329169723b14c9cf8b6836fa5b4d45d59.zip | |
unset _rcflags and _rcuser so that they don't get inherited by rc.d(8)
scripts; from robert at peichaer dot org
ok halex@
While here, put the "sanitation" commands in their own block.
| -rw-r--r-- | etc/rc.d/rc.subr | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/etc/rc.d/rc.subr b/etc/rc.d/rc.subr index b70bcefc8cb..a5d7a97173c 100644 --- a/etc/rc.d/rc.subr +++ b/etc/rc.d/rc.subr @@ -1,4 +1,4 @@ -# $OpenBSD: rc.subr,v 1.61 2012/08/13 08:08:00 ajacoutot Exp $ +# $OpenBSD: rc.subr,v 1.62 2012/08/13 10:10:07 ajacoutot Exp $ # # Copyright (c) 2010, 2011 Antoine Jacoutot <ajacoutot@openbsd.org> # Copyright (c) 2010, 2011 Ingo Schwarze <schwarze@openbsd.org> @@ -203,8 +203,11 @@ getcap -f /etc/login.conf ${_name} 1>/dev/null 2>&1 && \ [ -n "${_rcflags}" ] && daemon_flags=${_rcflags} [ -n "${_rcuser}" ] && daemon_user=${_rcuser} +# sanitize daemon_flags=$(printf ' %s' ${daemon_flags}) daemon_flags=${daemon_flags## } +readonly daemon_class +unset _rcflags _rcuser + pexp="${daemon}${daemon_flags:+ ${daemon_flags}}" rcexec="su -l -c ${daemon_class} -s /bin/sh ${daemon_user} -c" -readonly daemon_class |