Gilles should probably elaborate, but the way things are now is that system(3) is used to start the filters, allowing us to run any arbitrary (set of) command(s) as a filter.
Since the filters now in ports are non-interactive commands I proposed to move them to /usr/local/libexec/smtpd, which gilles@ is a proponent of. This however means that all filters need to be specified by a full path, which is not something I would promote. Hence the proposition of this diff. On 9/2/19 5:13 PM, Theo de Raadt wrote: > This seems really unconvenitional. > > PATH is normally used by interactive commands, or scripts which want > easily accessible programs. libexec has traditionally been excluded. > The idea is that programs which need things in libexec, must hardcode > the path. Intentionally. This is a subdirectory of libexec, probably > trying to follow the same pattern. So why is it not excluded in the same > way? > > Second questoin: are filter programs going to be in /bin or /usr/sbin? > If not, why is /bin on this PATH you are defining? > > It smell execvp abuse. > > Martijn van Duren <[email protected]> wrote: > >> With filters most likely defaulting to /usr/local/libexec/smtpd in the >> near future I would like to add this as the default PATH, followed by >> the usual suspects. I left the usual suspects in place because people >> have shown they already implement filters in awk and probably will do >> so in /bin/sh in the future, which will need all the other paths. >> >> I put it in PATH_FILTER, so it can easily be altered for portable >> where sysadmins may decide to change the path for filters or for >> us if we ever want anything in base under /usr/libexec/smtpd. >> >> OK? >> >> martijn@ >> >> Index: smtpd.c >> =================================================================== >> RCS file: /cvs/src/usr.sbin/smtpd/smtpd.c,v >> retrieving revision 1.324 >> diff -u -p -r1.324 smtpd.c >> --- smtpd.c 26 Jul 2019 07:08:34 -0000 1.324 >> +++ smtpd.c 2 Sep 2019 15:00:47 -0000 >> @@ -1350,6 +1350,7 @@ fork_processor(const char *name, const c >> */ >> if (read(STDERR_FILENO, &buf, 1) != 0) >> errx(1, "lka didn't properly close write end of error socket"); >> + setenv("PATH", PATH_FILTER, 1); >> if (system(command) == -1) >> err(1, NULL); >> >> Index: smtpd.h >> =================================================================== >> RCS file: /cvs/src/usr.sbin/smtpd/smtpd.h,v >> retrieving revision 1.633 >> diff -u -p -r1.633 smtpd.h >> --- smtpd.h 28 Aug 2019 15:50:36 -0000 1.633 >> +++ smtpd.h 2 Sep 2019 15:00:47 -0000 >> @@ -56,6 +56,7 @@ >> #define SMTPD_BACKLOG 5 >> >> #define PATH_SMTPCTL "/usr/sbin/smtpctl" >> +#define PATH_FILTER "/usr/local/libexec/smtpd:" _PATH_DEFPATH >> >> #define PATH_OFFLINE "/offline" >> #define PATH_PURGE "/purge" >>
