Contributed by rueda on from the a-more-su_table-approach dept.
Ted Unangst (tedu@) posted to the tech@ mailing list regarding recent changes to environment handling in doas (in -current):
[...] After some reflection, I've been convinced that it's unlikely everybody reads the manuals, or that the manuals are even correct or complete. So the new doas behavior moving forward is to reset most everything to the target user's environment.

Your action items, as we like to say in the biz, are:

1. Check existing configs for "restricted root" rules and verify that they are run with the correct environment.
2. When updating, check for rules that intentionally use inherited environment variables. They may need to be explicitly passed using setenv in doas.conf.
Readers are encouraged to read the entire message.
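As an added example (not from the original post or the doas project), the following Python audit lists each permit rule in a doas.conf together with how it treats the caller's environment, to support the two action items quoted above. It assumes a simplified grammar (one rule per line, no quoting or line continuations), reads "restricted root" as a rule that has both `as root` and `cmd`, and uses a constructed sample configuration.

```python
# Added example: list how each doas.conf permit rule treats the caller's environment.
# Assumed simplifications: one rule per line, no quotes/continuations, '#' starts a comment.
OPTIONS = {"nopass", "nolog", "persist", "keepenv"}

# Constructed sample configuration, not taken from any real system.
SAMPLE_CONF = """\
permit persist :wheel
permit nopass keepenv backup as root cmd /usr/local/bin/backup.sh
permit setenv { PKG_PATH LANG=C -TMPDIR } build as root cmd /usr/sbin/pkg_add
permit nopass www as _deploy cmd /usr/local/bin/deploy
deny guest
"""

def parse_rule(line):
    toks = line.replace("{", " { ").replace("}", " } ").split()
    rule = {"options": set(), "setenv": [], "target": None, "cmd": None}
    i = 1  # toks[0] is the action (permit)
    while i < len(toks) and (toks[i] in OPTIONS or toks[i] == "setenv"):
        if toks[i] == "setenv":
            end = toks.index("}", i)
            rule["setenv"], i = toks[i + 2:end], end
        else:
            rule["options"].add(toks[i])
        i += 1
    rule["identity"] = toks[i]
    rest = toks[i + 1:]
    for key, field in (("as", "target"), ("cmd", "cmd")):
        if key in rest:
            rule[field] = rest[rest.index(key) + 1]
    return rule

def inherits(entry):
    # A bare NAME or NAME=$OTHER takes its value from the caller; -NAME removes it.
    name, sep, value = entry.partition("=")
    return not name.startswith("-") and (not sep or value.startswith("$"))

def audit(conf_text):
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line.startswith("permit"):
            continue  # blank lines and deny rules run nothing
        r = parse_rule(line)
        inherited = [v for v in r["setenv"] if inherits(v)]
        note = ("keepenv: caller environment retained" if "keepenv" in r["options"]
                else "setenv passes through: " + ", ".join(inherited) if inherited
                else "no inherited variables listed")
        if r["target"] == "root" and r["cmd"]:
            note += " [root + cmd: review per item 1]"
        yield (lineno, r["identity"], note)
```

Calling `list(audit(text))` on the contents of a doas.conf returns one `(line, identity, note)` tuple per permit rule; rules reported with no inherited variables are the ones to check against item 2 if their command expects variables from the caller.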