more precisely describe what happens to the environment without keepenv; OK tedu@
diff --git a/doas.c b/doas.c
index 1fd0e9a9c455ab62e32b738019cc2f3fbb14a947..28954ecb6c7aee7a3db12ebf871a6e5e00782528 100644 (file)
--- a/doas.c
+++ b/doas.c
@@ -257,6 +257,7 @@ main(int argc, char **argv)
        const char *confpath = NULL;
        char *shargv[] = { NULL, NULL };
        char *sh;
+       const char *p;
        const char *cmd;
        char cmdline[LINE_MAX];
 #ifdef __OpenBSD__
@@ -411,7 +412,24 @@ main(int argc, char **argv)
 # endif
        }
 
+       if ((p = getenv("PATH")) != NULL)
+               formerpath = strdup(p);
+       if (formerpath == NULL)
+               formerpath = "";
+
+# ifdef __OpenBSD__
+       if (unveil(_PATH_LOGIN_CONF, "r") == -1 ||
+           unveil(_PATH_LOGIN_CONF ".db", "r") == -1)
+               err(1, "unveil");
+# endif
+       if (rule->cmd) {
+               if (setenv("PATH", safepath, 1) == -1)
+                       err(1, "failed to set PATH '%s'", safepath);
+       }
 # ifdef __OpenBSD__
+       if (unveilcommands(getenv("PATH"), cmd) == 0)
+               goto fail;
+
        if (pledge("stdio rpath getpw exec id", NULL) == -1)
                err(1, "pledge");
 # endif
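Review bot: A failed `strdup(p)` is treated the same as an unset PATH, because both paths end at `formerpath = "";`. In a setuid program it is safer to fail closed inside the `getenv` branch, e.g. `if ((formerpath = strdup(p)) == NULL) err(1, "strdup");`. The existing check also relies on `formerpath` being NULL beforehand, and its declaration is outside this hunk. Separately, when `rule->cmd` is unset the invoking user's PATH is left untouched, so `unveilcommands(getenv("PATH"), cmd)` may be handed NULL. The body of `unveilcommands` is not visible here, so confirm it rejects a NULL path rather than dereferencing it.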
@@ -449,6 +467,7 @@ main(int argc, char **argv)
 
 #ifdef HAVE_SETUSERCONTEXT
        if (setusercontext(NULL, targpw, target, LOGIN_SETGROUP |
+           LOGIN_SETPATH |
            LOGIN_SETPRIORITY | LOGIN_SETRESOURCES | LOGIN_SETUMASK |
            LOGIN_SETUSER) != 0)
                errx(1, "failed to set user context for target");
@@ -479,9 +498,10 @@ main(int argc, char **argv)
        syslog(LOG_AUTHPRIV | LOG_INFO, "%s ran command %s as %s from %s",
            mypw->pw_name, cmdline, targpw->pw_name, cwd);
 
-       envp = prepenv(rule);
+       envp = prepenv(rule, mypw, targpw);
 
        if (rule->cmd) {
+               /* do this again after setusercontext reset it */
                if (setenv("PATH", safepath, 1) == -1)
                        err(1, "failed to set PATH '%s'", safepath);
        }
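Review bot: The new comment `/* do this again after setusercontext reset it */` does not say which PATH the executed command ends up with, and that is the security-relevant part. `prepenv(rule, mypw, targpw)` runs while PATH is still whatever `setusercontext(... LOGIN_SETPATH ...)` left, and `setenv("PATH", safepath, 1)` is applied only afterwards. So `envp` presumably carries the login-class PATH while command lookup uses `safepath`; `prepenv` is not visible here, so this should be confirmed. I would spell that out, e.g. `/* setusercontext(LOGIN_SETPATH) replaced PATH; restore safepath for command lookup only, envp was built above */`. The comment is also only accurate when `HAVE_SETUSERCONTEXT` is defined, since the other branch is outside this hunk.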