[sudo-users] security bug -- sudo undefines functions in environment

Todd C. Miller Todd.Miller at courtesan.com
Wed Aug 6 14:23:31 MDT 2014


On Wed, 06 Aug 2014 14:07:01 -0600, "Todd C. Miller" wrote:

> That is why I am proposing the ability to match on content as well
> if the pattern in sudoers includes the '='.  Then it is a simple
> matter of matching on "foo=()*".

Funny thing, this already works.  The matching code doesn't treat
a '=' in the env_keep or env_delete lists specially so you can
already match on the full environment string.

 - todd
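
An added illustration (not part of the original message and not sudo's source code) of a pattern containing '=' being compared against the full "NAME=value" string, as described above. It assumes a simplified matcher in which a trailing '*' is the only wildcard; the function names and the sample environment are constructed for this example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
/*
 * Simplified model (an assumption, not sudo's source): the pattern is
 * compared against the whole "NAME=value" string, '=' is an ordinary
 * character, and a trailing '*' is the only wildcard.
 */
static bool env_pattern_matches(const char *pattern, const char *envstr)
{
    size_t len = strlen(pattern);
    size_t name_len = strcspn(envstr, "=");
    bool wild = false;

    if (len == 0)
        return false;
    if (pattern[len - 1] == '*') {
        len--;
        wild = true;
    }
    if (strncmp(pattern, envstr, len) != 0)
        return false;
    /* No wildcard: the pattern must be the bare name or the full string. */
    return wild || len == name_len || envstr[len] == '\0';
}

/* Constructed sample environment. */
static const char *const sample_env[] = {
    "foo=() { echo hi; }",  /* function definition exported under foo */
    "foo=bar",              /* ordinary variable with the same name */
    "foobar=() { :; }",     /* different name, not covered by foo=()* */
    "PATH=/usr/bin",
    NULL
};

/* Count the sample strings that a single pattern matches. */
static int count_matches(const char *pattern)
{
    int n = 0;
    for (size_t i = 0; sample_env[i] != NULL; i++)
        n += env_pattern_matches(pattern, sample_env[i]);
    return n;
}

int main(void)
{
    printf("foo=()* matches %d of 4\n", count_matches("foo=()*"));
    return 0;
}
```

In this model the pattern "foo=()*" selects only the entry whose value begins with "()", while the bare name "foo" selects both entries named foo regardless of content.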

