[Bug 256233] security/doas: target user's login class gets ignored

From: <bugzilla-noreply_at_freebsd.org>
Date: Thu, 03 Jun 2021 03:20:32 +0000
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=256233

--- Comment #13 from bugs.freebsd_at_scourger.nl ---
The suggestion to use "doas -S" or "su -" won't really work in many situations.
You can't run arbitrary commands (e.g. when calling doas from a script) and you
can't pass or modify environment variables. Simulating a full login is only
useful in fairly specific circumstances (predominantly interactive shell work).

I'm not quite convinced that it's confusing when the language gets switched. In
a way, that was already happening before the fix (always switching to the C
locale because no LANG was set). But I guess we will have to agree to disagree
on this point.

When I think about it, I might even prefer the old behaviour (LANG gets
cleared) over the new one (default to setting the caller's LANG). The reason is
simply that no other environment variable defaults to the caller's value. All
others either get cleared or set to the value appropriate for the target user.

I think you should consider to either revert to the old behaviour (just reset
LANG), or use the language from the target user. I believe using the caller's
language is just not very favorable from a consistency standpoint.
For what it's worth, doas on OpenBSD clears the LANG environment (but it also
doesn't let you configure "lang" in login.conf).

-- 
You are receiving this mail because:
You are the assignee for the bug.
Received on Thu Jun 03 2021 - 03:20:32 UTC

Original text of this message