Martijn van Duren wrote: > Hello tech@, > > The following patch adds $PATH resolving to doas. This has two advantages: > 1) People are forced to configure doas with a full path, which makes > sure that applications can't be spoofed by users changing their $PATH to > a writeable location and making copies of other (potential dangerous) > binaries to said directories > 2) People who were already using full paths in doas.conf(5) are now > allowed to run `shutdown` as a simple `shutdown` instead of typing > `/sbin/shutdown` every time.
I don't see what problem this solves. If users are restricted to particular commands, doas already enforces that they be in a system path. On the other hand, this diff seems to make configuration harder and more fickle.
