From 8ccc22247dfd9360d3ef66beac1edaf6d1ef17c9 Mon Sep 17 00:00:00 2001
From: Jeremie Courreges-Anglas <jca@cvs.openbsd.org>
Date: Sun, 12 Jul 2020 14:35:39 +0000
Subject: Use su -fl to avoid sourcing /etc/profile / the target user's
 .profile

This way rc.d and rcctl don't suffer from side effects in people's rc
files.  If you somehow used those files to set environment variables,
you should have used login.conf as described in rc.d(8) instead.

ok ajacoutot@
---
 etc/rc.d/rc.subr | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'etc/rc.d/rc.subr')

diff --git a/etc/rc.d/rc.subr b/etc/rc.d/rc.subr
index 79a055c0967..0268e0a9722 100644
--- a/etc/rc.d/rc.subr
+++ b/etc/rc.d/rc.subr
@@ -1,4 +1,4 @@
-#	$OpenBSD: rc.subr,v 1.134 2020/04/29 15:38:31 ajacoutot Exp $
+#	$OpenBSD: rc.subr,v 1.135 2020/07/12 14:35:38 jca Exp $
 #
 # Copyright (c) 2010, 2011, 2014-2017 Antoine Jacoutot <ajacoutot@openbsd.org>
 # Copyright (c) 2010, 2011 Ingo Schwarze <schwarze@openbsd.org>
@@ -319,6 +319,6 @@ unset _rcflags _rcrtable _rctimeout _rcuser
 # the shell will strip the quotes from daemon_flags when starting a daemon;
 # make sure pexp matches the process (i.e. doesn't include the quotes)
 pexp="$(eval echo ${daemon}${daemon_flags:+ ${daemon_flags}})"
-rcexec="su -l -c ${daemon_class} -s /bin/sh ${daemon_user} -c"
+rcexec="su -fl -c ${daemon_class} -s /bin/sh ${daemon_user} -c"
 [ "${daemon_rtable}" -eq "$(id -R)" ] ||
 	rcexec="route -T ${daemon_rtable} exec ${rcexec}"
-- 
cgit v1.2.3