security/doas: GLOBAL_PATH and SAFE_PATH do not include ${PREFIX}/bin

[Takashi Shimizu <qqyr7xx9k%shirt.ocn.ne.jp@localhost>]

Hi,

I have been using security/doas installed via pkgsrc, and noticed that 
/usr/pkg/bin and /usr/pkg/sbin are not included in either GLOBAL_PATH or 
SAFE_PATH, both defined in doas.h.

Looking at the source:

doas.h defines:
GLOBAL_PATH (used as the default PATH in the environment)
SAFE_PATH (used to override PATH when rule->cmd is specified)

Both currently contain /usr/local/bin and /usr/local/sbin, but not
${PREFIX}/bin or ${PREFIX}/sbin.

Since this is a pkgsrc package and pkgsrc installs everything under
${PREFIX} (typically /usr/pkg), having neither path in GLOBAL_PATH
nor SAFE_PATH makes doas effectively unable to find pkgsrc-installed
commands in many common configurations.

This does not appear to be an intentional security decision -- the
paths simply seem to have been carried over from the original
OpenBSD/Linux port without pkgsrc-specific adjustment. If there is
a security rationale for excluding ${PREFIX}/bin, I would appreciate
hearing it.

If this is considered a bug, the natural fix would be a patch to
doas.h using pkgsrc's @PREFIX@ substitution:

--- doas.h.orig
+++ doas.h
@@ -1,7 +1,7 @@
#ifndef GLOBAL_PATH
-#define GLOBAL_PATH 
"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+#define GLOBAL_PATH 
"@PREFIX@/sbin:@PREFIX@/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
#endif

#ifndef SAFE_PATH
-#define SAFE_PATH 
"/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"
+#define SAFE_PATH 
"@PREFIX@/sbin:@PREFIX@/bin:/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/sbin:/bin:/sbin"
#endif

Using @PREFIX@ rather than a hardcoded /usr/pkg ensures the fix
works correctly regardless of the LOCALBASE setting.

I am happy to submit this as a formal patch if it is accepted.

Thanks,
Takashi Shimizu