[sudo-users] !env_reset clobbering environment

Todd C. Miller Todd.Miller at courtesan.com
Wed Dec 1 17:59:10 EST 2010

In message <AANLkTimAipDTh1pVh3atNhULgEE1YMtJTgpBJOpWS9jZ at mail.gmail.com>
	so spake Joe Keller (joseph.w.keller):

> I am using sudo-1.7.2p1-7.el5_5.i386.rpm and have a strange issue where it
> looks like sudo is clobbering the PERL5LIB environment variable.  I have
> "Defaults !env_reset" in my /etc/sudoers file and have the following test
> script:

The PERL5LIB environment variable is in the env_delete list, which
takes effect when env_reset is disabled.  You can remove it with:

    Defaults	env_delete -= PERL5LIB

Be aware that it is trivial to subvert many perl scripts by
setting PERL5LIB, which is why it is removed from the environment
by default.

You can see the default contents of the env_delete list by running
"sudo -V" as root.  Look for the "Environment variables to remove"

 - todd

More information about the sudo-users mailing list