commit 55adb00203fcb35df767868a02d6bcaea86092f5
parent 01c658f8c45cb92a343be5f32aa6da70b2032168
Author: tedu <tedu>
Date: Mon, 17 Jun 2019 16:01:26 +0000
always reset the "su" variables, which is more consistent and predictable. ok martijn millert
Diffstat:
2 files changed, 19 insertions(+), 13 deletions(-)
diff --git a/doas.conf.5 b/doas.conf.5
@@ -54,6 +54,14 @@ The default is to reset the environment, except for the variables
.Ev DISPLAY
and
.Ev TERM .
+The variables
+.Ev HOME ,
+.Ev LOGNAME ,
+.Ev PATH ,
+.Ev SHELL ,
+and
+.Ev USER
+are always reset.
.It Ic setenv { Oo Ar variable ... Oc Oo Ar variable=value ... Oc Ic }
In addition to the variables mentioned above, keep the space-separated
specified variables.
diff --git a/env.c b/env.c
@@ -86,6 +86,10 @@ static struct env *
createenv(const struct rule *rule, const struct passwd *mypw,
const struct passwd *targpw)
{
+ static const char *copyset[] = {
+ "DISPLAY", "TERM",
+ NULL
+ };
struct env *env;
u_int i;
@@ -96,6 +100,13 @@ createenv(const struct rule *rule, const struct passwd *mypw,
env->count = 0;
addnode(env, "DOAS_USER", mypw->pw_name);
+ addnode(env, "HOME", targpw->pw_dir);
+ addnode(env, "LOGNAME", targpw->pw_name);
+ addnode(env, "PATH", getenv("PATH"));
+ addnode(env, "SHELL", targpw->pw_shell);
+ addnode(env, "USER", targpw->pw_name);
+
+ fillenv(env, copyset);
if (rule->options & KEEPENV) {
extern char **environ;
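Review bot: `addnode(env, "PATH", getenv("PATH"));` now runs for keepenv rules as well, and unlike the four passwd-derived values it copies PATH from the invoking process. The "always reset" wording added to doas.conf.5 therefore holds for PATH only if the caller has replaced it before createenv() is reached, which is not visible in this hunk; a comment would make that dependency explicit, for example `/* PATH is taken from our own environment; the caller must have set it to a safe value first */`. getenv() can also return NULL, and whether addnode() tolerates a NULL value cannot be seen here; if it does not, guard the call with `if (getenv("PATH") != NULL)`. The reset also relies on the KEEPENV loop that follows not replacing keys that were already inserted; its body lies outside the hunk, so that is worth confirming and noting in a comment next to these calls.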
@@ -125,19 +136,6 @@ createenv(const struct rule *rule, const struct passwd *mypw,
env->count++;
}
}
- } else {
- static const char *copyset[] = {
- "DISPLAY", "TERM",
- NULL
- };
-
- addnode(env, "HOME", targpw->pw_dir);
- addnode(env, "LOGNAME", targpw->pw_name);
- addnode(env, "PATH", getenv("PATH"));
- addnode(env, "SHELL", targpw->pw_shell);
- addnode(env, "USER", targpw->pw_name);
-
- fillenv(env, copyset);
}
return env;