Hacktricks Doas Best -

Just like with sudo , you should cross-reference the allowed command with GTFOBins . If doas permits cp , cat , find , git , or man without password sanitization, you can likely read files or spawn shells.

permit|deny [options] [identity] as [target] cmd [command] hacktricks doas

doas generally forbids environment variable inheritance, reducing the risk of privilege escalation through environment manipulation. Just like with sudo , you should cross-reference