reset-path.patch 1.48 KB
Kevin Daudt committed
diff --git a/main/doas/reset-path.patch b/main/doas/reset-path.patch
new file mode 100644
index 0000000000..17596f30c2
--- /dev/null
+++ b/main/doas/reset-path.patch
@@ -0,0 +1,42 @@
+From 3b1d856055ae1e9e4a15884b539bd4fee6aff1d5 Mon Sep 17 00:00:00 2001
+From: Duncan Overbruck <mail@duncano.de>
+Date: Thu, 28 Jan 2021 17:58:34 +0100
+Subject: [PATCH] correctly reset path for rules without specific command
+
+This is a fixup for commit 01c658f8c45cb92a343be5f32aa6da70b2032168
+where the behaviour was changed to not inherit the PATH variable
+by default.
+---
+ doas.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/doas.c b/doas.c
+index e253905..98e354c 100644
+--- a/doas.c
++++ b/doas.c
+@@ -379,12 +379,22 @@ main(int argc, char **argv)
+ 	    rule->options & PERSIST);
+ #endif
+ 
++#ifdef HAVE_LOGIN_CAP_H
++	if (setusercontext(NULL, targpw, target, LOGIN_SETGROUP |
++	    LOGIN_SETPATH |
++	    LOGIN_SETPRIORITY | LOGIN_SETRESOURCES | LOGIN_SETUMASK |
++	    LOGIN_SETUSER) != 0)
++		errx(1, "failed to set user context for target");
++#else
+ 	if (setresgid(targpw->pw_gid, targpw->pw_gid, targpw->pw_gid) != 0)
+ 		err(1, "setresgid");
+ 	if (initgroups(targpw->pw_name, targpw->pw_gid) != 0)
+ 		err(1, "initgroups");
+ 	if (setresuid(target, target, target) != 0)
+ 		err(1, "setresuid");
++	if (setenv("PATH", safepath, 1) == -1)
++		err(1, "failed to set PATH '%s'", safepath);
++#endif
+ 
+ 	if (getcwd(cwdpath, sizeof(cwdpath)) == NULL)
+ 		cwd = "(failed)";
+-- 
+2.30.0
+
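Review bot: The `#else` branch at `setenv("PATH", safepath, 1)` now carries the security invariant of this fix without a comment saying so. The invoking user's PATH must not reach command lookup or the target's environment, and a one-line comment above it, such as `/* reset PATH: never pass the caller's PATH to the target */`, would keep a later refactor from dropping it. The two branches also end up with different values: the `HAVE_LOGIN_CAP_H` path asks `setusercontext()` to set PATH through `LOGIN_SETPATH`, while the fallback uses `safepath`, which is worth stating in the same comment. `safepath`, the later environment setup and the exec call are outside this hunk (main continues past it), so whether a rule's own `setenv` of PATH still takes effect after this reset should be confirmed there. A packaging test that runs a rule without `cmd` under a caller-controlled PATH and checks the resulting PATH would pin the behaviour.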