[sudo-users] security bug -- sudo undefines functions in environment

L. A. Walsh sudo at tlinx.org
Mon Aug 4 12:13:12 MDT 2014

Edward Capriolo wrote:
> It seems like you have full control over what you would want to reset.
> http://superuser.com/questions/232231/how-do-i-make-sudo-preserve-my-environment-variables

That's the problem -  it **seems** .. but you really don't.

Things that the environment rely on are deleted, so instead of read-only
functions being executed, random hacker-placed files can be run from disk.

Seems like a new attack vector, similar to placing rogue binaries in CWD 
the a root user will run a prog in that dir.

More information about the sudo-users mailing list