pkgsrc-Users archive


Re: security/doas: GLOBAL_PATH and SAFE_PATH do not include ${PREFIX}/bin



On Mon, 4 May 2026 at 11:44:55 +0900, Takashi Shimizu wrote:
> Hi,
> 
> I have been using security/doas installed via pkgsrc, and noticed that
> /usr/pkg/bin and /usr/pkg/sbin are not included in either GLOBAL_PATH
> or SAFE_PATH, both defined in doas.h.
> 
> 
> Looking at the source:
> 
> doas.h defines:
> GLOBAL_PATH (used as the default PATH in the environment)
> SAFE_PATH (used to override PATH when rule->cmd is specified)
> 
> Both currently contain /usr/local/bin and /usr/local/sbin, but not
> ${PREFIX}/bin or ${PREFIX}/sbin.
> 
> Since this is a pkgsrc package and pkgsrc installs everything under
> ${PREFIX} (typically /usr/pkg), having neither path in GLOBAL_PATH
> nor SAFE_PATH makes doas effectively unable to find pkgsrc-installed
> commands in many common configurations.
> 
> This does not appear to be an intentional security decision -- the
> paths simply seem to have been carried over from the original
> OpenBSD/Linux port without pkgsrc-specific adjustment. If there is
> a security rationale for excluding ${PREFIX}/bin, I would appreciate
> hearing it.
> 
> If this is considered a bug, the natural fix would be a patch to
> doas.h using pkgsrc's @PREFIX@ substitution:
> 
> --- doas.h.orig
> +++ doas.h
> @@ -1,7 +1,7 @@
> #ifndef GLOBAL_PATH
> 
> -#define GLOBAL_PATH
> "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
> +#define GLOBAL_PATH
> "@PREFIX@/sbin:@PREFIX@/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/
> usr/bin:/sbin:/bin"
> 
> #endif
> 
> #ifndef SAFE_PATH
> 
> -#define SAFE_PATH
> "/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"
> +#define SAFE_PATH
> "@PREFIX@/sbin:@PREFIX@/bin:/usr/local/sbin:/usr/local/bin:/usr/bin:/u
> sr/sbin:/bin:/sbin"
> 
> #endif
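Review bot: the SAFE_PATH replacement in this hunk does more than add the two @PREFIX@ entries. The stock value runs /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin, while the + line turns the remainder into /usr/local/sbin:/usr/local/bin:/usr/bin:/usr/sbin:/bin:/sbin, so for a rule with cmd set, a name present in more than one of those directories now resolves to a different binary even on a system with nothing under ${PREFIX}. The GLOBAL_PATH change, by contrast, keeps the original order and only prepends. Unless the reordering is intended, insert the new entries without touching the rest, e.g. "@PREFIX@/sbin:@PREFIX@/bin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin", or append them, and say in the commit message that putting ${PREFIX} first lets a package binary shadow a same-named base-system binary for cmd-restricted rules. Separately, the mailer has wrapped the #define lines (each string sits on its own line, and "/usr/bin" and "/usr/sbin" are split across "/" / "usr/bin" and "/u" / "sr/sbin"), so the hunk will not apply as posted; send it as an attachment or as the pkgsrc patches/ file itself.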
> 
> Using @PREFIX@ rather than a hardcoded /usr/pkg ensures the fix
> works correctly regardless of the LOCALBASE setting.
> 
> I am happy to submit this as a formal patch if it is accepted.
> 
> Thanks,
> Takashi Shimizu
> 

Hi,

I've added the paths, the commit being:
https://mail-index.netbsd.org/pkgsrc-changes/2026/05/07/msg345668.html

You'll see I did it a bit differently, as there's already an override
made for this purpose in the make tooling, so probably best to keep
it together there. I also kept (my interpretation of) upstream's
intended ordering as-is (it varies between the two definitions).

Regards,

Dave
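The lookup the thread is about, as an added example rather than code from doas or from the pkgsrc package: doas hands the command name to the execvp-style PATH search, so the first directory in SAFE_PATH (or GLOBAL_PATH) that holds an executable of that name wins, and a directory that is not in the list is never consulted. The script below replays that search against a throwaway tree built under mktemp, using the stock SAFE_PATH from doas.h, the SAFE_PATH from the quoted patch, and a hypothetical append-only variant that the thread does not propose. PREFIX=/usr/pkg, the command name "pkgtool" and the stub binaries are all constructed for the example; Dave's committed ordering is not reproduced here because the commit itself is not on this page.

```shell
#!/bin/sh
# Added example, not code from doas or from the pkgsrc package. It replays
# the execvp-style PATH search doas relies on against a throwaway tree, so
# the effect of the stock and the proposed SAFE_PATH can be seen without
# root. PREFIX=/usr/pkg and the command name "pkgtool" are assumptions;
# every directory is created under a mktemp root and removed on exit.
set -eu

ROOT=$(mktemp -d)
trap 'rm -rf "$ROOT"' EXIT
PREFIX=/usr/pkg

# Directories named in doas.h, plus ${PREFIX}/bin and ${PREFIX}/sbin.
for d in /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin \
         "$PREFIX/bin" "$PREFIX/sbin"; do
    mkdir -p "$ROOT$d"
done

# mkexe PATHNAME: install an executable stub that prints its own pathname.
mkexe() {
    printf '#!/bin/sh\necho %s\n' "$1" > "$ROOT$1"
    chmod 755 "$ROOT$1"
}
mkexe /bin/ls                # base-system command
mkexe "$PREFIX/bin/ls"       # pkgsrc-installed command with the same name
mkexe "$PREFIX/bin/pkgtool"  # command that exists only under PREFIX

# resolve NAME PATHLIST: walk the colon-separated list in order and print
# the first executable regular file found, as execvp would; return 1 if
# no listed directory holds NAME.
resolve() {
    _name=$1
    _rest="$2:"
    while [ -n "$_rest" ]; do
        _dir=${_rest%%:*}
        _rest=${_rest#*:}
        if [ -f "$ROOT$_dir/$_name" ] && [ -x "$ROOT$_dir/$_name" ]; then
            printf '%s\n' "$_dir/$_name"
            return 0
        fi
    done
    return 1
}

# SAFE_PATH as shipped in doas.h, SAFE_PATH as in the quoted patch, and a
# hypothetical variant (not proposed in the thread) that only appends.
STOCK_SAFE_PATH="/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"
PATCH_SAFE_PATH="$PREFIX/sbin:$PREFIX/bin:/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/sbin:/bin:/sbin"
APPEND_SAFE_PATH="$STOCK_SAFE_PATH:$PREFIX/bin:$PREFIX/sbin"

# show LABEL NAME PATHLIST: one line per lookup, "not found" on failure.
show() {
    if _hit=$(resolve "$2" "$3"); then
        printf '%-8s %-8s -> %s\n' "$1" "$2" "$_hit"
    else
        printf '%-8s %-8s -> not found\n' "$1" "$2"
    fi
}

show stock  pkgtool "$STOCK_SAFE_PATH"   # not found: PREFIX is not searched
show patch  pkgtool "$PATCH_SAFE_PATH"   # /usr/pkg/bin/pkgtool
show patch  ls      "$PATCH_SAFE_PATH"   # /usr/pkg/bin/ls shadows /bin/ls
show append ls      "$APPEND_SAFE_PATH"  # /bin/ls: base system still wins
```

The last two lookups are the point of the ordering question: with ${PREFIX} placed first, a package that installs a binary named like a base-system one takes over that name for every cmd-restricted rule, whereas appending keeps the base binary authoritative and only adds names that the base lacks. Which of the two is wanted depends on how much the packages under ${PREFIX} are trusted relative to the base system, and that choice belongs in the commit message.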

