[Bug 256233] security/doas: target user's login class gets ignored

From: <bugzilla-noreply_at_freebsd.org>
Date: Mon, 31 May 2021 03:15:30 UTC

--- Comment #4 from bugs.freebsd@scourger.nl ---
I've tried your fix and can confirm that resource limits are now being applied
according to the target user's login class. However, it still sets the locale
("lang") from the default login class (also when using "doas -u bob -S").

To get a few more data points, I've experimented a bit with login class
settings other than the resource limits. Here are some results:
:lang:      Gets reset to the default class.
:welcome:   Shows the default motd when using "doas -S", not the one specified.
:umask:     The umask from the target users login class is honoured (the
expected result).
:setenv: and :path: are ignored as far as I can tell. But this is expected
since environment variables are explicitly handled by doas.

This suggests there might be other login class capabilities which are reset to
the default class. I haven't tried out modifying things like mail, shell,
timezone etc., but I guess they are mostly irrelevant (except maybe when using
"doas -S").

You are receiving this mail because:
You are the assignee for the bug.