doas environmental security

from OpenBSD Journal (#4HN0N)

Ted Unangst (tedu@) posted to the tech@ mailing list regarding recent changes to environment handling in doas (in -current):

[...] After some reflection, I've been convinced that it's unlikely everybody reads the manuals, or that the manuals are even correct or complete. So the new doas behavior moving forward is to reset most everything to the target user's environment.

Your action items, as we like to say in the biz, are:

1. Check existing configs for "restricted root" rules and verify that they are run with the correct environment.
2. When updating, check for rules that intentionally use inherited environment variables. They may need to be explicitly passed using setenv in doas.conf.

Readers are encouraged to read the entire message.
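A first pass over doas.conf for the two action items can be done mechanically. The script below is an added example, not code from the original message or from OpenBSD. It assumes one rule per line, treats permit rules without keepenv or setenv as the candidates for item 2 (an assumption of this example), and uses a constructed sample configuration with hypothetical users and paths.

```shell
#!/bin/sh
# Added example (not from the OpenBSD project): list doas.conf permit rules
# that the two action items ask you to review by hand.
# Assumptions: one rule per line, no "#" inside quoted strings.

audit_doas_conf() {
    # Reads the files named as arguments, or stdin when none are given.
    awk '
    {
        orig = $0
        sub(/#.*/, "")             # drop comments
        gsub(/[{}]/, " & ")        # make braces stand-alone tokens
    }
    $1 != "permit" { next }        # blank lines and deny rules need no review
    {
        target = "root"; env = "default"; cmd = ""; inset = 0
        for (i = 2; i <= NF; i++) {
            if (inset)           { if ($i == "}") inset = 0; continue }
            if ($i == "{")       { inset = 1; continue }
            if ($i == "setenv")  { env = "setenv"; continue }
            if ($i == "keepenv") { env = "keepenv"; continue }
            if ($i == "as")      { target = $(++i); continue }
            if ($i == "cmd")     { cmd = $(i + 1); break }
        }
        review = ""
        # Item 1: rule that runs one named command as root ("restricted root").
        if (cmd != "" && target == "root") review = "restricted-root"
        # Item 2: no keepenv/setenv, so no variable is passed explicitly.
        sep = (review != "") ? "," : ""
        if (env == "default") review = review sep "no-env-option"
        if (review != "") printf "%d\t%s\tenv=%s\t%s\n", NR, review, env, orig
    }' "$@"
}

# Constructed sample configuration (hypothetical users and paths).
sample_conf() {
    cat <<'EOF'
# constructed sample, not a recommended policy
permit persist :wheel
permit nopass keepenv alice as root cmd /usr/sbin/pkg_add
permit setenv { PKG_PATH } bob as root cmd /usr/sbin/pkg_add
permit nopass carol as _backup cmd /usr/local/bin/backup.sh
deny dave
EOF
}

sample_conf | audit_doas_conf
```

Each output line gives the rule's line number, the review tags, the environment option found, and the rule itself. The tags only select rules for manual review against the command each rule actually runs.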
