doas environmental security

Ted Unangst (tedu@)postedto the tech@mailing list regardingrecent changes to environment handling indoas(in -current):

[...]After some reflection, I've been convinced that it's unlikely everybody readsthe manuals, or that the manuals are even correct or complete. So the new doasbehavior moving forward is to reset most everything to the target user'senvironment.Your action items, as we like to say in the biz, are:1. Check existing configs for "restricted root" rules and verify that they arerun with the correct environment.2. When updating, check for rules that intentionally use inherited environmentvariables. They may need to be explicitly passing using setenv in doas.conf.

Readers are encouraged to read theentire message.