users to perform commands without successful commands being
logged to syslogd.
Added documentation to doas.conf manual page and doas.conf.sample
files to include tips and and example of the "nolog" flag in action.
The "nolog" flag is a feature of OpenBSD's doas command and has
been introduced for compatibility and as an optional way to avoid
filling up system logs with successful doas calls.
- Use mv(1) to install doas.conf to avoid writing a configuration file
while other processes might be reading it.
- Define the DOAS_CONF path once in Makefile and pass that to the
substitutions instead of recreating the full path independently in
multiple files.
- Add a separate rule for building the doas binary, instead of creating
it in the "all" target. This avoids some unnecessary re-linking.
and PATH from the original user to the target user. This could cause
files in the wrogn path or home directory to be read (or written to),
which resulted in potential security problems.
This has been changed so that only DISPLAY and TERM are passed to the
new environment. This is fine for running command line programs. When
GUI programs need to be run, "keepenv" can be added to the user's
doas.conf entry. This results in variables like HOME being copied
to the target user, allowing GUI programs to run.
Many thanks to Sander Bos for reporting this issue and explaining
how it can be exploited.
This commit also adds the ability to pass a customized PATH to
target users. The new PATH can be set at compile time in the
Makefile. The default path is provided in the Makefile and commented
out.