[sudo-users] keeping LD_PRELOAD in the environment
Dan Crosta
dcrosta at gmail.com
Sun Apr 30 17:05:42 EDT 2006
I'm having some trouble keeping LD_PRELOAD in the environment that
programs run via sudo. Here's what I have in my sudoers file:
----
Defaults !env_reset, !lecture, tty_tickets, !fqdn, insults, !always_set_home
Defaults env_keep += HOME, env_keep += EDITOR, env_keep += VISUAL
Defaults env_keep += LD_PRELOAD
Defaults env_delete -= LD_*, env_delete -= LD_PRELOAD, !noexec
root ALL=(ALL) ALL
%admin ALL=(ALL) ALL
----
And here's how I've been testing:
----
me@mybox:~$ sudo env |grep LD_
Password:
me@mybox:~$
----
I don't claim to understand entirely how the sudo code works wrt
environment manipulation, and my hypothesis is that it's smarter than
I am. I can't find any explicit case where it's removing LD_PRELOAD,
though, and given that I can't find that, it seems like the above
ought to keep LD_PRELOAD in the environment... does the order matter
somehow? It looked like the code in env.c reads in the entire sudoers
file and then processes all its environment machinations with the
full set of what's changed through Defaults.
Thanks,
dsc