[sudo-users] env_keep and LD_LIBRARY_PATH

Michael Potter pottmi at gmail.com
Wed Dec 6 21:42:10 EST 2006


Angelo,

I suspect this is the correct one:
Default env_delete-=LD_LIBRARY_PATH
except, Linux is probably resetting LD_LIBRARY_PATH before it runs sudo or
any other setuid program.

Tell us more about what you are trying to do:
Why are you trying to run a program as root with libraries in non-standard
locations?

One patch to sudo that I think would be easy to do, safe, and useful, would
be this:
Default setenv+=LD_LIBRARY_PATH=/usr/lib:/lib:/non/std/but/safe/lib

Todd, can you comment?

As for wrapper scripts being too annoying, how about this:
------------------------
#!/bin/bash

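if [[ $SUDO_USER == "" ]]
then
   # Not running under sudo yet: re-run this script through sudo.
   # "$0" names the script itself; "$@" keeps each argument intact.
   exec sudo "$0" "$@"
   exit 1 # exit if exec fails.
fi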

# put commands here.
------------------------

That way the wrapper script is also a shortcut for running sudo.

That is just a thought; I have not done that.  I would be interested in
the community commenting on the security aspects of that.

-- 
Michael Potter

On 12/6/06, Angelo Primavera <a.primavera at quipo.it> wrote:
>
> Hi all,
>
> I have read some posts about how to keep the LD_LIBRARY_PATH variable and
> the answer seems to be of two types:
>
>     use a command wrapper
>
>     use the Default setting for env_delete/env_keep.
>
>
>
> I'm using sudo 1.6.8p12 on Linux redhat 7.3 and I would like to avoid the
> wrapper (system users are already annoyed using the "sudo" command!) so I've
> tried each of the following options:
>
>     Default env_delete-=LD_LIBRARY_PATH
>
>     Default env_delete-=LD_*
>
>     Default env_keep+=LD_LIBRARY_PATH
>
>     Default env_keep+=LD_*
>
> Unfortunately none of them works.
>
>
>
> My question is:
>
>     Are the env_delete/env_keep options applicable to LD_LIBRARY_PATH? If
> yes, what is wrong with my settings?
>
>
>
> Thank you in advance
>
>
>
> Angelo
>
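
A wrapper sidesteps the env_keep question because it can set LD_LIBRARY_PATH itself once it is already running under sudo. The script below is an added example, not code from this thread or from sudo; `TARGET`, `LIB_DIRS`, `is_safe_lib_dir` and `build_lib_path` are hypothetical names, and it assumes `find` supports `-maxdepth`.

```sh
#!/bin/sh
# Added example, not from the thread. Runs in the "put commands here" part of
# the wrapper, i.e. after sudo has already started the script as root.

# Hypothetical settings; fill in for a real wrapper.
TARGET=""                              # absolute path of the real program
LIB_DIRS="/non/std/but/safe/lib"       # space-separated, fixed by the admin
                                       # (/usr/lib and /lib are searched anyway)

# Succeeds only if $1 is a real directory (not a symlink), owned by uid $2,
# and not writable by group or others. Parent directories are not checked
# here and are assumed to be equally locked down.
is_safe_lib_dir() {
    [ -n "$(find "$1" -maxdepth 0 -type d -user "$2" \
            ! -perm -020 ! -perm -002 2>/dev/null)" ]
}

# build_lib_path OWNER_UID DIR...
# Prints the directories joined with ':'; fails on the first unsafe one.
build_lib_path() {
    blp_owner=$1
    shift
    blp_path=""
    for blp_dir in "$@"; do
        if ! is_safe_lib_dir "$blp_dir" "$blp_owner"; then
            echo "refusing unsafe library directory: $blp_dir" >&2
            return 1
        fi
        blp_path="${blp_path:+$blp_path:}$blp_dir"
    done
    printf '%s\n' "$blp_path"
}

if [ -n "$TARGET" ]; then
    # The caller's LD_LIBRARY_PATH is never consulted; the value is rebuilt
    # from the fixed list. LIB_DIRS is left unquoted on purpose to split it.
    LD_LIBRARY_PATH=$(build_lib_path 0 $LIB_DIRS) || exit 1
    export LD_LIBRARY_PATH
    exec "$TARGET" "$@"
fi
```

With `TARGET` left empty the script only defines the two functions, so they can be exercised against scratch directories before the wrapper is put in place.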