Re: security/doas: GLOBAL_PATH and SAFE_PATH do not include ${PREFIX}/bin

To: "David H. Gutteridge" <david%gutteridge.ca@localhost>, pkgsrc-users%netbsd.org@localhost
Subject: Re: security/doas: GLOBAL_PATH and SAFE_PATH do not include ${PREFIX}/bin
From: Takashi Shimizu <qqyr7xx9k%shirt.ocn.ne.jp@localhost>
Date: Thu, 7 May 2026 15:49:09 +0900


On 5/7/26 09:49, David H. Gutteridge wrote:

On Mon, 4 May 2026 at 11:44:55 +0900, Takashi Shimizu wrote:

Hi,

I have been using security/doas installed via pkgsrc, and noticed that
/usr/pkg/bin and /usr/pkg/sbin are not included in either GLOBAL_PATH
or SAFE_PATH, both defined in doas.h.


Looking at the source:

doas.h defines:
GLOBAL_PATH (used as the default PATH in the environment)
SAFE_PATH (used to override PATH when rule->cmd is specified)

Both currently contain /usr/local/bin and /usr/local/sbin, but not
${PREFIX}/bin or ${PREFIX}/sbin.

Since this is a pkgsrc package and pkgsrc installs everything under
${PREFIX} (typically /usr/pkg), having neither path in GLOBAL_PATH
nor SAFE_PATH makes doas effectively unable to find pkgsrc-installed
commands in many common configurations.

This does not appear to be an intentional security decision -- the
paths simply seem to have been carried over from the original
OpenBSD/Linux port without pkgsrc-specific adjustment. If there is
a security rationale for excluding ${PREFIX}/bin, I would appreciate
hearing it.

If this is considered a bug, the natural fix would be a patch to
doas.h using pkgsrc's @PREFIX@ substitution:

--- doas.h.orig
+++ doas.h
@@ -1,7 +1,7 @@
#ifndef GLOBAL_PATH

-#define GLOBAL_PATH
"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+#define GLOBAL_PATH
"@PREFIX@/sbin:@PREFIX@/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/
usr/bin:/sbin:/bin"

#endif

#ifndef SAFE_PATH

-#define SAFE_PATH
"/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"
+#define SAFE_PATH
"@PREFIX@/sbin:@PREFIX@/bin:/usr/local/sbin:/usr/local/bin:/usr/bin:/u
sr/sbin:/bin:/sbin"

#endif

Using @PREFIX@ rather than a hardcoded /usr/pkg ensures the fix
works correctly regardless of the LOCALBASE setting.

I am happy to submit this as a formal patch if it is accepted.

Thanks,
Takashi Shimizu

Hi,

I've added the paths, the commit being:
https://mail-index.netbsd.org/pkgsrc-changes/2026/05/07/msg345668.html

You'll see I did it a bit differently, as there's already an override
made for this purpose in the make tooling, so probably best to keep
it together there. I also kept (my interpretation of) upstream's
intended ordering as-is (it varies between the two definitions).

Regards,

Dave


Thank you for the prompt fix. I think this is a very clean solution.

Takashi Shimizu

References:
- Re: security/doas: GLOBAL_PATH and SAFE_PATH do not include ${PREFIX}/bin
  - From: David H. Gutteridge

Prev by Date: Re: security/doas: GLOBAL_PATH and SAFE_PATH do not include ${PREFIX}/bin
Next by Date: lang/nodejs fails to build on netbsd-10
Previous by Thread: Re: security/doas: GLOBAL_PATH and SAFE_PATH do not include ${PREFIX}/bin
Next by Thread: MesaLib fails to build from source (Linux)
Indexes:

Home | Main Index | Thread Index | Old Index