commit 0b2393c6d725b6b3d75b61dd387fce4836cf24db from: Stefan Sperling date: Thu Sep 14 07:50:32 2023 UTC always keep basic environment variables intact after 'enable' command Make nshdoas preserve some important environment variables even when there is no rule in /etc/doas.conf. Without a matching rule in doas.conf we ended up running the privileged shell in an empty environment, which leads to tools such as vi(4) erroring out for lack of a terminal type. As before, the keepenv option in /etc/doas.conf can be used to preserve the entire user environment. We now preserve the following variables by default: DOAS_USER=nsh # added by nshdoas HOME=/root # overridden by nshdoas LOGNAME=root # overridden by nshdoas PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/X11R6/bin:/usr/local/bin:/usr/local/sbin SHELL=/usr/local/bin/nsh TERM=xterm USER=root # overridden by nshdoas Problem noticed by Tom.
commit - df1b71b4ffb08376e1c36576d0cb9ba9456cbeba
commit + 0b2393c6d725b6b3d75b61dd387fce4836cf24db
blob - 2d93a4089b6b4ea71ec6c922c88f22b79d15a6d6
blob + 3ab2a9e5fba1ac5efd1ae5138cc047d44400f268
--- nshdoas/env.c
+++ nshdoas/env.c
@@ -104,12 +104,12 @@ createenv(const struct rule *rule, const struct passwd
 addnode(env, "HOME", targpw->pw_dir);
 addnode(env, "LOGNAME", targpw->pw_name);
 addnode(env, "PATH", getenv("PATH"));
- addnode(env, "SHELL", targpw->pw_shell);
+ addnode(env, "SHELL", mypw->pw_shell); /* preserve "SHELL=nsh" */
 addnode(env, "USER", targpw->pw_name);
 fillenv(env, copyset);
- if (rule->options & KEEPENV) {
+ if (rule && (rule->options & KEEPENV)) {
 extern const char **environ;
 for (i = 0; environ[i] != NULL; i++) {
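Review bot: The new `SHELL` value on the `addnode(env, "SHELL", mypw->pw_shell)` line is the caller's login shell from the password database, which is nsh only when the account is configured that way, and the line runs for every invocation rather than just the no-rule case the commit message describes. A matching doas.conf rule that previously handed the target user's shell to the command now hands over a value tied to the unprivileged account instead. If that is intended, the comment should say so, e.g. `/* caller's login shell; expected to be nsh */`; otherwise limit the override with `addnode(env, "SHELL", rule ? targpw->pw_shell : mypw->pw_shell);`. createenv() starts and ends outside the hunk.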
@@ -228,7 +228,7 @@ prepenv(const struct rule *rule, const struct passwd *
 struct env *env;
 env = createenv(rule, mypw, targpw);
- if (rule->envlist)
+ if (rule && rule->envlist)
 fillenv(env, rule->envlist);
 return flattenenv(env);
blob - eb0e74c69c331997480a9c29da620b104c67414c
blob + 09612d6c9a46bf03518398364258c034a093c7c4
--- nshdoas/nshdoas.c
+++ nshdoas/nshdoas.c
@@ -393,8 +393,7 @@ main(int argc, char **argv)
 mypw->pw_name, cmd[0], targpw->pw_name, cwd);
 }
- if (rule)
- envp = prepenv(rule, mypw, targpw);
+ envp = prepenv(rule, mypw, targpw);
 /* setusercontext set path for the next process, so reset it for us */
 if (setenv("PATH", formerpath, 1) == -1)
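Review bot: prepenv() and createenv() now accept `rule == NULL`, but nothing in the visible code documents that contract; the only hint was the `if (rule)` guard this commit removes from main() in nshdoas/nshdoas.c. A comment above prepenv(), such as `/* rule may be NULL when no doas.conf rule matched; only the default variables and copyset are kept then */`, would stop a later change from adding an unguarded `rule->` dereference on this path. The function's signature and opening lines lie outside the hunk, so the exact placement is a suggestion.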