ref: 8f109ae113215166746b150a5a09b96050e62e52
parent: b4b4b6cd631e4627f8e581d20fc70d5d13f4de18
author: Ori Bernstein <ori@eigenstate.org>
date: Tue Aug 2 22:57:22 EDT 2022
auth(8): specify what gets put into the environemnt with '-s' Understanding the environment is important for security critical applications.
--- a/sys/man/8/auth
+++ b/sys/man/8/auth
@@ -298,8 +298,16 @@
flag specifies a string of driver
characters to keep. The
.B -s
-flag initializes the namespace to what rc expects,
-and passes its arguments unmodified to /bin/rc.
+flag initializes the namespace to an environment which includes
+.IR /bin ,
+.IR /srv ,
+.IR /env ,
+.IR /rc ,
+adds the
+.I |d
+devices, and execs
+.IR /bin/rc ,
+passing all arguments as though rc was invoked directly.
.PP
.I As
executes