[Bug 256233] security/doas: target user's login class gets ignored

From: <bugzilla-noreply_at_freebsd.org>
Date: Sat, 05 Jun 2021 15:49:29 +0000
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=256233

--- Comment #23 from jsmith_at_resonatingmedia.com ---
Thanks for sharing the attachments. Looks like the difference between our
configurations was I had KEEPENV specified in my configuration file so
environment variables were getting copied over, rather than reset.

I've looked at this some more and decided having one login class variable
(language) in this case be an exception to how things work doesn't really fit
with how doas works. LANG (and other variables) are meant to be set in
doas.conf rather than pulled in from other places.

So what I've ended up doing is allowing login.c to set resource limits on
FreeBSD to avoid punching a hole in a user's resource restrictions. However,
I'm going to leave setting environment variables up to the configuration of
doas.conf.

-- 
You are receiving this mail because:
You are the assignee for the bug.
Received on Sat Jun 05 2021 - 15:49:29 UTC

Original text of this message