X-Git-Url: https://git.armaanb.net/?p=opendoas.git;a=blobdiff_plain;f=doas.c;h=28954ecb6c7aee7a3db12ebf871a6e5e00782528;hp=5396df0d4657a23be99b48f2e304a50e1ed02788;hb=2103dd548aaa63339fd9137a4c9bb1e041921c28;hpb=78ab134cc3541d3dc9ad55044cbad5c0c8539147

diff --git a/doas.c b/doas.c
index 5396df0..28954ec 100644
--- a/doas.c
+++ b/doas.c
@@ -257,6 +257,7 @@ main(int argc, char **argv)
 	const char *confpath = NULL;
 	char *shargv[] = { NULL, NULL };
 	char *sh;
+	const char *p;
 	const char *cmd;
 	char cmdline[LINE_MAX];
 #ifdef __OpenBSD__
@@ -411,7 +412,24 @@ main(int argc, char **argv)
 # endif
 	}
 
+	if ((p = getenv("PATH")) != NULL)
+		formerpath = strdup(p);
+	if (formerpath == NULL)
+		formerpath = "";
+
+# ifdef __OpenBSD__
+	if (unveil(_PATH_LOGIN_CONF, "r") == -1 ||
+	    unveil(_PATH_LOGIN_CONF ".db", "r") == -1)
+		err(1, "unveil");
+# endif
+	if (rule->cmd) {
+		if (setenv("PATH", safepath, 1) == -1)
+			err(1, "failed to set PATH '%s'", safepath);
+	}
 # ifdef __OpenBSD__
+	if (unveilcommands(getenv("PATH"), cmd) == 0)
+		goto fail;
+
 	if (pledge("stdio rpath getpw exec id", NULL) == -1)
 		err(1, "pledge");
 # endif