84ce5c7f — Duncan Overbruck 1 year, 10 months ago v6.6
configure: remove version
74449f01 — Duncan Overbruck 1 year, 10 months ago
doas.c: remove dead ifdefs to unclutter code
9be2d262 — Duncan Overbruck 1 year, 10 months ago
timestamp: simplify
ea761579 — Duncan Overbruck 1 year, 10 months ago
configure: make {UID,GID}_MAX configurable
add some checks to avoid UID_MAX (-1) here. this is not problematic with the current code, but it's probably safer this way. ok deraadt
96d78078 — semarie 2 years ago
correct some unveil(2) violations due to "login.conf.db" access (the .db version of "login.conf"), and stat(2) on _PATH_MASTERPASSWD_LOCK (via pw_mkdb(3)).

problem initially noted by myself for passwd(1)
millert@ reported similar problem on chpass(1), su(1), doas(1) and encrypt(1)
mestre@ noted chpass(1) too

ok mestre@ millert@
39169036 — Duncan Overbruck 2 years ago
fixup unveil
fix one last edge case regarding PATH, allows simpler config.
note that authentication is required, unless otherwise configured. ok sthen
f94cf30a — deraadt 2 years ago
snprintf/vsnprintf return < 0 on error, rather than -1.
fix some more fallout from setting path in setusercontext. restore previous behavior of using user PATH if no cmd restriction in the rule. run into by espie
add an example hint that shows how original path can be retained
tweak wording a bit. always talk about creating a new environment. also document DOAS_USER. ok deraadt jmc
025db698 — schwarze 2 years ago
more precisely describe what happens to the environment without keepenv; OK tedu@
2da129d4 — schwarze 2 years ago
mention that doas(1) resets the umask(2); OK tedu@
setusercontext resets PATH (which we want). but then it becomes impossible to access the old PATH. save a copy in case we need it later. bug report from espie.
mention environment resetting here as well. ok millert
always reset the "su" variables, which is more consistent and predictable. ok martijn millert
redo the environment inheritance to not inherit. it was intended to make life easier, but it can be surprising or even unsafe. instead, reset just about everything to the target user's values.
ok deraadt martijn
Thanks to Sander Bos in particular for pointing out some nasty edge cases.
a few cleanups and simplifications possible now that static pw is gone. noted by martijn. ok martijn.