From c55374a52b758c37c41a99fc80253fef014f1fef Mon Sep 17 00:00:00 2001 From: Dylan Araps Date: Mon, 18 May 2020 10:29:25 +0300 Subject: [PATCH] as_root(): Strict environment. Running a portion of the script as root will now use a stricter environment. The root user will only inherit a small and fixed white-list of environment variables. - HOME/XDG_CACHE_HOME - To make use of the non-root user's package cache for the purposes of installation. - KISS_PATH - To make use of the non-root user's set repositories during installation. - KISS_FORCE - To carry over KISS_FORCE if passed as non-root. The 'sudo' and 'su' commands were also changed to run as "login shells". This allows environment variables to be set solely for the root account (KISS_HOOK, etc) via '.profile' or etc. As for 'doas', this has to happen via doas.conf. --- kiss | 23 +++++++++++------------ 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/kiss b/kiss index cce4906..47edd3f 100755 --- a/kiss +++ b/kiss @@ -49,15 +49,18 @@ prompt() { as_root() { # Simple function to run a command as root using either 'sudo', # 'doas' or 'su'. Hurrah for choice. - [ "$uid" = 0 ] || { - log "Using '${su:-su}' (to become ${user:=root})" - export KISS_AS_ROOT=1 - } + [ "$uid" = 0 ] || log "Using '${su:-su}' (to become ${user:=root})" + + # Add the following environment variables to the root environment + # so that the non-root user's cache can be used. This is the + # portable method of doing so and works across all tools. + set -- env HOME="$HOME" XDG_CACHE_HOME="$XDG_CACHE_HOME" \ + KISS_PATH="$KISS_PATH" KISS_FORCE="$KISS_FORCE" "$@" case $su in - *sudo) sudo -E -u "$user" -- "$@" ;; - *doas) doas -u "$user" -- "$@" ;; - *) su -pc "$* <&3" "$user" 3<&0