[sudo-users] Sudo 1.7.4 env_reset with -i and -s

Tue Sep 14 11:45:32 EDT 2010

In message <4C8F8EE8.1020808 at warner.fm>
	so spake Doug Warner (doug):

> With versions of sudo < 1.7.4 I could have local users that used
> both "sudo -s" to preserve their home directory and "sudo -i" to
> get root's environment.  With sudo >=3D 1.7.4 (1.7.4p3 currently)
> I'm having a hard time coming up with the proper options to set to
> gain that functionality back.
>
> If I set "Defaults env_keep += HOME" then "sudo -s" works, but "sudo
> -i" doesn't (it doesn't get root's home directory).
>
> Any other ideas on what I can do if I want to otherwise keep env_reset
> set?

That is an unintentional change that will be addressed in sudo
1.7.5.  Below is a diff that addresses this (as well as interactions
with set_home and always_set_home).

 - todd

--- env.c	Wed Aug 18 15:27:03 2010
+++ env.c	Tue Sep 14 11:41:50 2010
@@ -608,10 +608,16 @@
 #ifdef ENV_DEBUG
     memset(env.envp, 0, env.env_size * sizeof(char *));
 #endif
-    if (def_env_reset || ISSET(sudo_mode, MODE_LOGIN_SHELL)) {
-	/* Reset HOME based on target user unless keeping old value. */
-	reset_home = TRUE;
 
+    /* Reset HOME based on target user if configured to. */
+    if (ISSET(sudo_mode, MODE_RUN)) {
+	if (def_always_set_home ||
+	    ISSET(sudo_mode, MODE_RESET_HOME | MODE_LOGIN_SHELL) || 
+	    (ISSET(sudo_mode, MODE_SHELL) && def_set_home))
+	    reset_home = TRUE;
+    }
+
+    if (def_env_reset || ISSET(sudo_mode, MODE_LOGIN_SHELL)) {
 	/* Pull in vars we want to keep from the old environment. */
 	for (ep = old_envp; *ep; ep++) {
 	    int keepit;
@@ -696,6 +702,11 @@
 	    if (!ISSET(didvar, DID_USERNAME))
 		sudo_setenv("USERNAME", user_name, FALSE);
 	}
+
+	/* If we didn't keep HOME, reset it based on target user. */
+	if (!ISSET(didvar, KEPT_HOME))
+	    reset_home = TRUE;
+
 	/*
 	 * Set MAIL to target user in -i mode or if MAIL is not preserved
 	 * from user's environment.
@@ -709,13 +720,6 @@
 	    sudo_putenv(cp, ISSET(didvar, DID_MAIL), TRUE);
 	}
     } else {
-	/* Reset HOME based on target user if configured to. */
-	if (ISSET(sudo_mode, MODE_RUN)) {
-	    if (def_always_set_home || ISSET(sudo_mode, MODE_RESET_HOME) || 
-		(ISSET(sudo_mode, MODE_SHELL) && def_set_home))
-		reset_home = TRUE;
-	}
-
 	/*
 	 * Copy environ entries as long as they don't match env_delete or
 	 * env_check.
@@ -765,7 +769,7 @@
     }
 
     /* Set $HOME to target user if not preserving user's value. */
-    if (reset_home && !ISSET(didvar, KEPT_HOME))
+    if (reset_home)
 	sudo_setenv("HOME", runas_pw->pw_dir, TRUE);
 
     /* Provide default values for $TERM and $PATH if they are not set. */

