[Bug 256233] security/doas: target user's login class gets ignored
- In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 256233] security/doas: target user's login class gets ignored"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 01 Jun 2021 14:20:33 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=256233 --- Comment #7 from jsmith@resonatingmedia.com --- I think preserving LANG probably makes sense, keeping the original caller's language settings. This probably got overlooked before since (as you pointed out) OpenBSD doesn't define LANG in login.conf and I never have LANG set on my FreeBSD machine. So it wasn't addressed originally in the code and it wouldn't have come up when I was porting. I'll look at preserving LANG, like HOME and and SHELL, as a special variable. Off the top of my head, I don't think LANG can be used to do much harm. Technically, I suppose, there is a way to mess with something in another person's home directory using LANG, but if we have doas access to someone else's HOME then there are easier ways to cause mayhem. The PATH is hard coded on all platforms of the port at compile time. I think originally OpenBSD's version hard coded the PATH right in a header file and it wasn't changeable at build time without patching the code. (I may be mistaken, but that is how I think it was set up.) Since each platform might use a slightly different default PATH this was edited to allow easier build-time changes. -- You are receiving this mail because: You are the assignee for the bug.