always reset the "su" variables, which is more consistent and predictable. ok martijn...
authortedu <tedu>
Mon, 17 Jun 2019 16:01:26 +0000 (16:01 +0000)
committerDuncan Overbruck <mail@duncano.de>
Sat, 19 Oct 2019 12:53:27 +0000 (14:53 +0200)
doas.conf.5
env.c

index 8fd700bd7f6f076c1727a405eb74a69d811df8d9..c9ea1b83b746665f0697de465789db8989a23852 100644 (file)
@@ -54,6 +54,14 @@ The default is to reset the environment, except for the variables
 .Ev DISPLAY
 and
 .Ev TERM .
+The variables
+.Ev HOME ,
+.Ev LOGNAME ,
+.Ev PATH ,
+.Ev SHELL ,
+and
+.Ev USER
+are always reset.
 .It Ic setenv { Oo Ar variable ... Oc Oo Ar variable=value ... Oc Ic }
 In addition to the variables mentioned above, keep the space-separated
 specified variables.
diff --git a/env.c b/env.c
index c0f38378e7947c90e77e23396921179be4d6d602..f1fe45fbc83a6f51c7a2448209abe42b48f044f0 100644 (file)
--- a/env.c
+++ b/env.c
@@ -86,6 +86,10 @@ static struct env *
 createenv(const struct rule *rule, const struct passwd *mypw,
     const struct passwd *targpw)
 {
+       static const char *copyset[] = {
+               "DISPLAY", "TERM",
+               NULL
+       };
        struct env *env;
        u_int i;
 
@@ -96,6 +100,13 @@ createenv(const struct rule *rule, const struct passwd *mypw,
        env->count = 0;
 
        addnode(env, "DOAS_USER", mypw->pw_name);
+       addnode(env, "HOME", targpw->pw_dir);
+       addnode(env, "LOGNAME", targpw->pw_name);
+       addnode(env, "PATH", getenv("PATH"));
+       addnode(env, "SHELL", targpw->pw_shell);
+       addnode(env, "USER", targpw->pw_name);
+
+       fillenv(env, copyset);
 
        if (rule->options & KEEPENV) {
                extern char **environ;
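Review bot: The five fixed `addnode` calls now run before the `KEEPENV` copy, so under `keepenv` they only take effect if that copy loop leaves names already in the tree untouched. The loop body lies outside this hunk, so this is worth confirming and pinning with a comment above the calls, for example `/* set first: the keepenv copy below must not replace these */`. For `PATH` the value is still `getenv("PATH")`, i.e. whatever the process environment holds when `createenv` runs, so the man page's "always reset" holds for `PATH` only if the caller has already replaced it, which is not visible here. `getenv` can also return NULL when `PATH` is unset, and the hunk does not show whether `addnode` accepts a NULL value; with a local `const char *path`, a guard such as `if ((path = getenv("PATH")) != NULL) addnode(env, "PATH", path);` would make that explicit. `createenv` begins and ends outside this hunk.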
@@ -125,19 +136,6 @@ createenv(const struct rule *rule, const struct passwd *mypw,
                                env->count++;
                        }
                }
-       } else {
-               static const char *copyset[] = {
-                       "DISPLAY", "TERM",
-                       NULL
-               };
-
-               addnode(env, "HOME", targpw->pw_dir);
-               addnode(env, "LOGNAME", targpw->pw_name);
-               addnode(env, "PATH", getenv("PATH"));
-               addnode(env, "SHELL", targpw->pw_shell);
-               addnode(env, "USER", targpw->pw_name);
-
-               fillenv(env, copyset);
        }
 
        return env;