Date: Fri, 16 Aug 2019 16:25:04 +0200 From: Kirill Ponomarev <kp@krion.cc> To: Kai Knoblich <kai@freefall.freebsd.org> Cc: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: Re: svn commit: r508097 - in head/security/doas: . files Message-ID: <20190816142504.GB4823@krion.cc> In-Reply-To: <20190816134528.GA8129@freefall.freebsd.org> References: <201908041543.x74FhRXW063540@repo.freebsd.org> <20190816081802.GA4823@krion.cc> <20190816134528.GA8129@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--vGgW1X5XWziG23Ko Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Thanks Kai, it explained all my questions. On 08/16, Kai Knoblich wrote: > On Fri, Aug 16, 2019 at 10:18:02AM +0200, Kirill Ponomarev wrote: > > On 08/04, Kai Knoblich wrote: > > > Author: kai > > > Date: Sun Aug 4 15:43:27 2019 > > > New Revision: 508097 > > > URL: https://svnweb.freebsd.org/changeset/ports/508097 > > >=20 > > > Log: > > > security/doas: Update to 6.1 > > > =20 > > > * Update the pkg-message to give users that install/upgrade the por= t some > > > info about the changed behavior regarding the environment variabl= es. [1] > > > =20 > > > * Make the configuration of target user's sanitized $PATH that is s= et at > > > compile time more flexible by enabling users to configure it via > > > _GLOBAL_PATH. [2] > > > =20 > > > * Also pet portlint/portclippy by placing USES to the top of the US= ES block > > > and remove the superfluous occurence of GH_PROJECT while I'm here. > > > =20 > > > Changelog: > > > =20 > > > * Most environment variables are no longer copied to the target use= r's > > > environment. This avoids corrupting files through use of $HOME, f= or > > > example. > > > =20 > > > When environment variables are required, keepenv can be set in the > > > doas.conf file. > >=20 > > It seems keepenv is completely ignored in conf file. Can you > > investigate it? >=20 > I assume you're speaking about the HOME, PATH, USER, etc. variables that = will > be reset even if keepenv is set? >=20 > If so, those variables need to be passed along to the target user environ= ment > via setenv. >=20 > A line like below in doas.conf should work: >=20 > permit setenv { PATH HOME } someuser >=20 > For the case if the whole environment is also required: >=20 > permit keepenv setenv { PATH HOME } someuser >=20 >=20 > This might be also helpful: >=20 > I've committed in r509055 an update for the VuXML entry of security/doas = that > contains now a reference to OpenBSD's tech mailinglist where the issues a= nd > the new behavior of the program are explained in a nutshell. [1] > -- > Cheers > Kai >=20 > [1] https://marc.info/?l=3Dopenbsd-tech&m=3D156105665713340&w=3D2 --vGgW1X5XWziG23Ko Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAABCAAdFiEEJCHRFhEAQujKni1pDyI9/LMCykUFAl1WvMAACgkQDyI9/LMC ykXQHgf5AeYLUy00VxL1X5NbAmow9a23ouMGXdLMHBDSyfNtUN0PtWzZ/CQGJjKU SByNt9Zvlc4pwR6DrXc82z/VmqrdYQ+2A51eoDg4OrRbO0TAdFoHHJ29B7l/iG1q /CqyAIaKQASZui2jImwHz89D4BcXgmO8i1UYzNmGsT5wsPK7No+mREKUAjVaqdX6 mvBPNplCZi5PPZ7yrk8Klmmgn+b4HZQNRjXL3A0PttxKz4RWqNoK/kaN/ES9F+7t Ncs1gIeL6ekZY7briswW4ecvnaLqp657aMrhYQvOpoaJta2MFjTkaM3HcwQdMGd1 xjwjUYn6kNa06cAcHwKjn0EovgXcZw== =8W+m -----END PGP SIGNATURE----- --vGgW1X5XWziG23Ko--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20190816142504.GB4823>