[sudo-users] !env_reset clobbering environment
Todd C. Miller
Todd.Miller at courtesan.com
Wed Dec 1 17:59:10 EST 2010
In message <AANLkTimAipDTh1pVh3atNhULgEE1YMtJTgpBJOpWS9jZ at mail.gmail.com>
so spake Joe Keller (joseph.w.keller):
> I am using sudo-1.7.2p1-7.el5_5.i386.rpm and have a strange issue where it
> looks like sudo is clobbering the PERL5LIB environment variable. I have
> "Defaults !env_reset" in my /etc/sudoers file and have the following test
> script:

The PERL5LIB environment variable is in the env_delete list, which
takes effect when env_reset is disabled. You can remove it with:

    Defaults env_delete -= PERL5LIB

Be aware that it is trivial to subvert many perl scripts by
setting PERL5LIB, which is why it is removed from the environment
by default.

You can see the default contents of the env_delete list by running
"sudo -V" as root. Look for the "Environment variables to remove"
section.

- todd
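
An added example, not part of the original message or of sudo itself: a shell check that reads the "Environment variables to remove" section of "sudo -V" output and reports which env_delete entry, if any, would strip a given variable. The function names, the sample output and the assumed layout (indented entries under the section header) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of "sudo -V" output (as root); not captured from a real host.
sample_sudo_V() {
cat <<'EOF'
Sudo version 1.7.2p1
Environment variables to check for sanity:
    TERM
Environment variables to remove:
    PERL5LIB
    PERL5OPT
    LD_*
    *=()*
Environment variables to preserve:
    DISPLAY
EOF
}

# Print the entries of the "Environment variables to remove" section read
# from stdin. Assumed layout: indented entries under the header; the
# section ends at the next non-indented line.
env_delete_list() {
    awk '
        /^Environment variables to remove/ { in_sec = 1; next }
        in_sec && /^[ \t]/ { sub(/^[ \t]+/, ""); print; next }
        in_sec { exit }
    '
}

# Print the env_delete entry that would strip variable $1, if any.
# Entries may be glob patterns (LD_*); entries containing "=" match on
# name=value and are skipped, since only a name is checked here.
matching_entry() {
    var=$1
    match=$(env_delete_list | while IFS= read -r pat; do
        case $pat in *=*) continue ;; esac
        case $var in $pat) printf '%s\n' "$pat"; break ;; esac
    done)
    [ -n "$match" ] && printf '%s\n' "$match"
}

# Real use, as root:  sudo -V | matching_entry PERL5LIB
for v in PERL5LIB LD_PRELOAD DISPLAY; do
    if entry=$(sample_sudo_V | matching_entry "$v"); then
        echo "$v: removed by env_delete entry '$entry'"
    else
        echo "$v: not in env_delete"
    fi
done
```

Running the same check after a sudoers change shows whether a "Defaults env_delete -= ..." line has taken a variable off the list.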