On 10/21/19 10:35 PM, Peter Fraser wrote:
> I was surprised that after upgrading to 6.6
>
> doas xterm pftop &
>
> fails with:
>
> Warning: This program is an suid-root program or is being run by the root
> user.
> The full text of the error or warning message cannot be safely formatted
> in this environment. You may get a more descriptive message by running the
> program as a non-root user or by removing the suid bit on the executable.
> xterm: Xt error: Can't open display: %s
>
> This is the result of the change in the behavior of doas.
> Quoting from the upgrade manual:
>
> doas(1). The environment variable handling in doas(1) has been changed. In
> particular HOME and PATH are now reset to the target user.
>
> I assume that the problem arises because .Xauthority cannot be found.
>
> Passing HOME and PATH in doas.conf allows the old behavior.
>
This is primarily the reason for changing doas' behaviour.
Not Xauthority per se, but reaching back to the caller's home directory,
allowing arbitrary files to be loaded and potentially executed as
another user in a way not intended, potentially leading to privilege
escalation.

Instead of setenving HOME and PATH I suggest you change the command to
    xterm -e doas pftop &
or, if your needs are covered,
    xterm -e doas systat states &

martijn@
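
A defensive check for the workaround discussed in this thread, as an added example that is not part of either message or of OpenBSD itself: it lists doas.conf rules whose `setenv` block passes the caller's HOME or PATH through to the target user. The function names, the sample rules and the user names in them are constructed for illustration, and the `setenv` semantics are assumed from doas.conf(5).

```shell
#!/bin/sh
# Added example: flag doas.conf rules that hand the caller's HOME or PATH
# to the target user. Syntax assumed from doas.conf(5): a bare name in
# setenv { } keeps the caller's value, NAME=$VAR copies one from the caller.

audit_doas_conf() {   # usage: audit_doas_conf FILE
    awk '
    /^[ \t]*#/ { next }                       # skip comment lines
    /^[ \t]*permit/ && match($0, /setenv[ \t]*[{][^}]*[}]/) {
        block = substr($0, RSTART, RLENGTH)
        sub(/^setenv[ \t]*[{]/, "", block)
        sub(/[}]$/, "", block)
        n = split(block, vars, /[ \t]+/)
        for (i = 1; i <= n; i++) {
            v = vars[i]
            # bare HOME/PATH, or HOME=$X / PATH=$X: value comes from caller
            if (v == "HOME" || v == "PATH" || v ~ /^(HOME|PATH)=[$]/) {
                print NR ": " $0
                break
            }
        }
    }' "$1"
}

write_sample_conf() {  # constructed sample rules, not from the thread
    cat > "$1" <<'EOF'
# constructed sample doas.conf
permit persist :wheel
permit setenv { HOME PATH } peter as root
permit nopass setenv { PATH=/usr/bin:/usr/sbin } backup as root cmd pftop
permit setenv { -ENV HOME=$HOME } alice
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
audit_doas_conf "$sample"
rm -f "$sample"
```

Run `audit_doas_conf /etc/doas.conf` to check a live configuration; a rule that sets PATH to a fixed value is not reported, since that value does not come from the caller.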