svn commit: r508097 - in head/security/doas: . files

Kirill Ponomarev kp at krion.cc
Fri Aug 16 14:25:07 UTC 2019 

Thanks Kai, it explained all my questions.

On 08/16, Kai Knoblich wrote:
> On Fri, Aug 16, 2019 at 10:18:02AM +0200, Kirill Ponomarev wrote:
> > On 08/04, Kai Knoblich wrote:
> > > Author: kai
> > > Date: Sun Aug  4 15:43:27 2019
> > > New Revision: 508097
> > > URL: https://svnweb.freebsd.org/changeset/ports/508097
> > > 
> > > Log:
> > >   security/doas: Update to 6.1
> > >   
> > >   * Update the pkg-message to give users that install/upgrade the port some
> > >     info about the changed behavior regarding the environment variables. [1]
> > >   
> > >   * Make the configuration of target user's sanitized $PATH that is set at
> > >     compile time more flexible by enabling users to configure it via
> > >     _GLOBAL_PATH. [2]
> > >   
> > >   * Also pet portlint/portclippy by placing USES to the top of the USES block
> > >     and remove the superfluous occurence of GH_PROJECT while I'm here.
> > >   
> > >   Changelog:
> > >   
> > >   * Most environment variables are no longer copied to the target user's
> > >     environment. This avoids corrupting files through use of $HOME, for
> > >     example.
> > >   
> > >     When environment variables are required, keepenv can be set in the
> > >     doas.conf file.
> > 
> > It seems keepenv is completely ignored in conf file. Can you
> > investigate it?
> 
> I assume you're speaking about the HOME, PATH, USER, etc. variables that will
> be reset even if keepenv is set?
> 
> If so, those variables need to be passed along to the target user environment
> via setenv.
> 
> A line like below in doas.conf should work:
> 
> permit setenv { PATH HOME } someuser
> 
> For the case if the whole environment is also required:
> 
> permit keepenv setenv { PATH HOME } someuser
> 
> 
> This might be also helpful:
> 
> I've committed in r509055 an update for the VuXML entry of security/doas that
> contains now a reference to OpenBSD's tech mailinglist where the issues and
> the new behavior of the program are explained in a nutshell. [1]
> --
> Cheers
> Kai
> 
> [1] https://marc.info/?l=openbsd-tech&m=156105665713340&w=2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/svn-ports-all/attachments/20190816/d7ca2d73/attachment.sig>

More information about the svn-ports-all mailing list