On Wed, Jun 12, 2019 at 09:08:29AM -0500, myportslist20190...@nym.hush.com
wrote:
> 2. man bsd.port.mk: in the PORTS_PRIVSEP section, where one adds
> these commands to doas.conf: /usr/bin/touch, /usr/sbin/pkg_add, and
> /usr/sbin/pkg_delete, I think an additional line is needed:
>
> permit nopass setenv { TERM } solene cmd /usr/bin/env
Nope, you don't want that line.
If you allow /usr/bin/env without passwd, you may as well allow any command.
The tree was fixed post-6.5 so that normal usage would no longer need env.
