On Sun, Aug 9, 2015 at 6:23 PM, trondd <[email protected]> wrote:
> Was it a choice to not have 'doas -s' launch the shell as a login shell?
> Doing so reloads profiles preserving aliases and prompt variables.
>
> If a user is allowed to run the shell, the user can source the profile
> anyway, so this is just a convenience. Is there a security risk I'm
> missing?
>
> Tim.
>
>
> Index: doas.c
> ===================================================================
> RCS file: /cvs/src/usr.bin/doas/doas.c,v
> retrieving revision 1.34
> diff -u -p -r1.34 doas.c
> --- doas.c 3 Aug 2015 15:31:05 -0000 1.34
> +++ doas.c 10 Aug 2015 01:07:15 -0000
> @@ -317,7 +317,7 @@ main(int argc, char **argv, char **envp)
> const char *safepath = "/bin:/sbin:/usr/bin:/usr/sbin:"
> "/usr/local/bin:/usr/local/sbin";
> const char *confpath = NULL;
> - char *shargv[] = { NULL, NULL };
> + char *shargv[] = { NULL, NULL , NULL };
> char *sh;
> const char *cmd;
> char cmdline[LINE_MAX];
> @@ -379,8 +379,9 @@ main(int argc, char **argv, char **envp)
> shargv[0] = pw->pw_shell;
> else
> shargv[0] = sh;
> + shargv[1] = "-l";
> argv = shargv;
> - argc = 1;
> + argc = 2;
> }
>
> if (confpath) {
>
