[sudo-users] keeping LD_PRELOAD in the environment

Dan Crosta dcrosta at gmail.com
Sun Apr 30 17:05:42 EDT 2006

I'm having some trouble keeping LD_PRELOAD in the environment that
programs run via sudo. here's what I have in my sudoers file:

Defaults        !env_reset, !lecture, tty_tickets, !fqdn, insults,
Defaults        env_keep += HOME, env_keep += EDITOR, env_keep += VISUAL
Defaults        env_keep += LD_PRELOAD
Defaults        env_delete -= LD_*, env_delete -= LD_PRELOAD, !noexec

root    ALL=(ALL) ALL

%admin  ALL=(ALL) ALL

and here's how I've been testing:

me at mybox:~$ sudo env |grep LD_
me at mybox:~$

I don't claim to understand entirely how the sudo code works wrt
environment manipulation, and my hypothesis is that it's smarter than
I am. I can't find any explicit case where it's removing LD_PRELOAD,
though, and given that I can't find that, it seems like the above
ought to keep LD_PRELOAD in the environment... does the order matter
somehow? It looked like the code in env.c reads in the entire sudoers
file and then processess all its environment machinations with the
full set of what's changed through Defaults.


More information about the sudo-users mailing list