[sudo-users] security bug -- sudo undefines functions in environment
Todd C. Miller
Todd.Miller at courtesan.com
Wed Aug 6 14:23:31 MDT 2014
On Wed, 06 Aug 2014 14:07:01 -0600, "Todd C. Miller" wrote:
> That is why I am proposing the ability to match on content as well
> if the pattern in sudoers includes the '='. Then it is a simple
> matter of matching on "foo=()*".
Funny thing, this already works. The matching code doesn't treat
a '=' in the env_keep or env_delete lists specially so you can
already match on the full environment string.
More information about the sudo-users