[sudo-users] security bug -- sudo undefines functions in environment
L. A. Walsh
sudo at tlinx.org
Sat Aug 2 22:11:14 MDT 2014
I'm not quite sure what changed exactly, but for how long
has sudo filtered out functions regardless of settings to
preserve the environment?
It's causing problems in my setup, with prompts not changing
(functions in the prompts), No alert that I'm in root --
(usually prompt changes to red and ends with a "#".
Now no change...
command completion no longer works because
it uses hundreds of functions:
> typeset -f|grep '()'|wc
377 728 6879
bash: titlebar: command not found
/home/law/bin/spwd: line 35: spwd: readonly function
> typeset -f |wc
0 0 0
So because the function 'spwd' was missing, it tried to find an 'spwd'
to run (running random commands now happens due to missing functions).
But then it couldn't define the function because the function was
When people say "don't reset the environment" and sudo
wipes all of the admin's functions out, that doesn't make things
I tried looking at a few versions of the source, but couldn't see
when it was added...?
Not sure why I just got hit with this, but something to do
with a "bash_completion" package I installed causing different
bash scripts to be called in some new order... hmmm...
More information about the sudo-users