From: tedu Date: Mon, 17 Jun 2019 19:51:23 +0000 (+0000) Subject: setusercontext resets PATH (which we want). but then it becomes impossible to access... X-Git-Tag: v6.6~15 X-Git-Url: https://git.armaanb.net/?p=opendoas.git;a=commitdiff_plain;h=2103dd548aaa63339fd9137a4c9bb1e041921c28 setusercontext resets PATH (which we want). but then it becomes impossible to access the old PATH. save a copy in case we need it later. bug report from espie. --- diff --git a/doas.c b/doas.c index 5396df0..28954ec 100644 --- a/doas.c +++ b/doas.c @@ -257,6 +257,7 @@ main(int argc, char **argv) const char *confpath = NULL; char *shargv[] = { NULL, NULL }; char *sh; + const char *p; const char *cmd; char cmdline[LINE_MAX]; #ifdef __OpenBSD__ @@ -411,7 +412,24 @@ main(int argc, char **argv) # endif } + if ((p = getenv("PATH")) != NULL) + formerpath = strdup(p); + if (formerpath == NULL) + formerpath = ""; + +# ifdef __OpenBSD__ + if (unveil(_PATH_LOGIN_CONF, "r") == -1 || + unveil(_PATH_LOGIN_CONF ".db", "r") == -1) + err(1, "unveil"); +# endif + if (rule->cmd) { + if (setenv("PATH", safepath, 1) == -1) + err(1, "failed to set PATH '%s'", safepath); + } # ifdef __OpenBSD__ + if (unveilcommands(getenv("PATH"), cmd) == 0) + goto fail; + if (pledge("stdio rpath getpw exec id", NULL) == -1) err(1, "pledge"); # endif diff --git a/doas.h b/doas.h index 3831dc7..4a117be 100644 --- a/doas.h +++ b/doas.h @@ -29,6 +29,8 @@ extern struct rule **rules; extern int nrules; extern int parse_errors; +extern const char *formerpath; + struct passwd; char **prepenv(const struct rule *, const struct passwd *, diff --git a/env.c b/env.c index f1fe45f..2090897 100644 --- a/env.c +++ b/env.c @@ -29,6 +29,8 @@ #include "doas.h" #include "includes.h" +const char *formerpath; + struct envnode { RB_ENTRY(envnode) node; const char *key; 
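Review bot: A failed `strdup(p)` is folded into the "PATH was unset" case by the `if (formerpath == NULL) formerpath = "";` fallback in the second doas.c hunk, so an out-of-memory condition silently turns the saved PATH into an empty string. Every other failure in this hunk ends in `err(1, ...)`, and the saved value is what a `$PATH` value now expands to in the fillenv hunk of env.c, so the command's environment could carry an empty PATH rather than the caller's. I would fail closed on allocation failure and keep the `""` default only for the unset case: `if ((p = getenv("PATH")) == NULL) formerpath = "";` followed by `else if ((formerpath = strdup(p)) == NULL) err(1, "strdup");`. main() starts and ends outside the hunk, so whether later code tells the two cases apart is not visible here.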
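Review bot: The new global `formerpath` is declared in doas.h (and defined in env.c) without a comment saying what it holds or who owns it. It is written in main() in doas.c and read in fillenv() in env.c, and it may point either at strdup'd memory or at the string literal `""`, so a later caller must never free it or write through it. A one-line comment on the declaration would record that, for example `/* invoking user's PATH, saved by main() before PATH is replaced; may be a literal, never free */`.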
@@ -199,8 +201,12 @@ fillenv(struct env *env, const char **envlist)
 /* assign value or inherit from environ */
 if (eq) {
 val = eq + 1;
- if (*val == '$')
- val = getenv(val + 1);
+ if (*val == '$') {
+ if (strcmp(val + 1, "PATH") == 0)
+ val = formerpath;
+ else
+ val = getenv(val + 1);
+ }
 } else {
 val = getenv(name);
 }
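Review bot: The `strcmp(val + 1, "PATH") == 0` branch has no comment explaining why PATH alone bypasses `getenv()`, and the reason is security-relevant: `formerpath` is the PATH supplied by the invoking user, while the live PATH has already been replaced by the time this runs (per the commit message and the `setenv("PATH", safepath, 1)` call in doas.c). I would add a comment above the branch such as `/* $PATH means the caller's original PATH saved in main(); the live one has been reset. Value is caller-controlled. */`. It is also worth stating there that only the exact name `PATH` is special-cased and every other `$NAME` still reads the current environment. fillenv() starts and ends outside the hunk, so how a NULL `val` is handled afterwards cannot be checked from here.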