From 3b1d856055ae1e9e4a15884b539bd4fee6aff1d5 Mon Sep 17 00:00:00 2001
From: Duncan Overbruck <mail@duncano.de>
Date: Thu, 28 Jan 2021 17:58:34 +0100
Subject: [PATCH] correctly reset path for rules without specific command

This is a fixup for commit 01c658f8c45cb92a343be5f32aa6da70b2032168
where the behaviour was changed to not inherit the PATH variable
by default.
---
 doas.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/doas.c b/doas.c
index e253905..98e354c 100644
--- a/doas.c
+++ b/doas.c
@@ -379,12 +379,22 @@ main(int argc, char **argv)
 	    rule->options & PERSIST);
 #endif
 
+#ifdef HAVE_LOGIN_CAP_H
+	if (setusercontext(NULL, targpw, target, LOGIN_SETGROUP |
+	    LOGIN_SETPATH |
+	    LOGIN_SETPRIORITY | LOGIN_SETRESOURCES | LOGIN_SETUMASK |
+	    LOGIN_SETUSER) != 0)
+		errx(1, "failed to set user context for target");
+#else
 	if (setresgid(targpw->pw_gid, targpw->pw_gid, targpw->pw_gid) != 0)
 		err(1, "setresgid");
 	if (initgroups(targpw->pw_name, targpw->pw_gid) != 0)
 		err(1, "initgroups");
 	if (setresuid(target, target, target) != 0)
 		err(1, "setresuid");
+	if (setenv("PATH", safepath, 1) == -1)
+		err(1, "failed to set PATH '%s'", safepath);
+#endif
 
 	if (getcwd(cwdpath, sizeof(cwdpath)) == NULL)
 		cwd = "(failed)";
-- 
2.30.0