[sudo-users] security bug -- sudo undefines functions in environment

Todd C. Miller Todd.Miller at courtesan.com
Tue Aug 5 16:02:19 MDT 2014


On Sun, 03 Aug 2014 23:11:31 -0700, "L. A. Walsh" wrote:

> Can you explain why it shouldn't be configurable?

I'll consider allowing env_keep match bash-style functions in the
environment for sudo 1.8.11.  It still seems dangerous but if you
are not actually using sudo to restrict root access I suppose it
is not any worse than allowing PS4 to be preserved.

 - todd


More information about the sudo-users mailing list