[sudo-users] security bug -- sudo undefines functions in environment
Todd C. Miller
Todd.Miller at courtesan.com
Tue Aug 5 16:02:19 MDT 2014
On Sun, 03 Aug 2014 23:11:31 -0700, "L. A. Walsh" wrote:
> Can you explain why it shouldn't be configurable?
I'll consider allowing env_keep match bash-style functions in the
environment for sudo 1.8.11. It still seems dangerous but if you
are not actually using sudo to restrict root access I suppose it
is not any worse than allowing PS4 to be preserved.
- todd
More information about the sudo-users
mailing list