svn commit: r508097 - in head/security/doas: . files
Kirill Ponomarev
kp at krion.cc
Fri Aug 16 14:25:07 UTC 2019
Thanks Kai, it explained all my questions.
On 08/16, Kai Knoblich wrote:
> On Fri, Aug 16, 2019 at 10:18:02AM +0200, Kirill Ponomarev wrote:
> > On 08/04, Kai Knoblich wrote:
> > > Author: kai
> > > Date: Sun Aug 4 15:43:27 2019
> > > New Revision: 508097
> > > URL: https://svnweb.freebsd.org/changeset/ports/508097
> > >
> > > Log:
> > > security/doas: Update to 6.1
> > >
> > > * Update the pkg-message to give users that install/upgrade the port some
> > > info about the changed behavior regarding the environment variables. [1]
> > >
> > > * Make the configuration of target user's sanitized $PATH that is set at
> > > compile time more flexible by enabling users to configure it via
> > > _GLOBAL_PATH. [2]
> > >
> > > * Also pet portlint/portclippy by placing USES to the top of the USES block
> > > and remove the superfluous occurence of GH_PROJECT while I'm here.
> > >
> > > Changelog:
> > >
> > > * Most environment variables are no longer copied to the target user's
> > > environment. This avoids corrupting files through use of $HOME, for
> > > example.
> > >
> > > When environment variables are required, keepenv can be set in the
> > > doas.conf file.
> >
> > It seems keepenv is completely ignored in conf file. Can you
> > investigate it?
>
> I assume you're speaking about the HOME, PATH, USER, etc. variables that will
> be reset even if keepenv is set?
>
> If so, those variables need to be passed along to the target user environment
> via setenv.
>
> A line like below in doas.conf should work:
>
> permit setenv { PATH HOME } someuser
>
> For the case if the whole environment is also required:
>
> permit keepenv setenv { PATH HOME } someuser
>
>
> This might be also helpful:
>
> I've committed in r509055 an update for the VuXML entry of security/doas that
> contains now a reference to OpenBSD's tech mailinglist where the issues and
> the new behavior of the program are explained in a nutshell. [1]
> --
> Cheers
> Kai
>
> [1] https://marc.info/?l=openbsd-tech&m=156105665713340&w=2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/svn-ports-all/attachments/20190816/d7ca2d73/attachment.sig>
More information about the svn-ports-all
mailing list