[Bug 256233] security/doas: target user's login class gets ignored
- In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 256233] security/doas: target user's login class gets ignored"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 31 May 2021 14:07:51 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=256233 --- Comment #5 from jsmith@resonatingmedia.com --- Since lang and welcome are both environment variables I'd expect them to be ignored (when using doas's keepenv flag) or wiped out if keepenv isn't specified in doas.conf. The calling user isn't likely to want to have their language setting suddenly change to the target user's when they run a command. You are correct that setusercontext() can be used to set some environment variables to the target user's settings. According to the manual page lang, charset, timezone, and term are supported. (Looks like welcome/motd is not.) But I'm not sure it's a good idea to risk doing that as it means switching the language settings could make a mess of the terminal and input of the calling user. Is there a reason why I'd want my language settings and/or timezone to change when running doas? It seems like it would cause more problems than offer solutions. But I'm open to the idea. -- You are receiving this mail because: You are the assignee for the bug.