[sudo-users] security bug -- sudo undefines functions in environment

Todd C. Miller Todd.Miller at courtesan.com
Wed Aug 6 14:46:18 MDT 2014

On Wed, 06 Aug 2014 14:23:31 -0600, "Todd C. Miller" wrote:

> Funny thing, this already works.  The matching code doesn't treat
> a '=' in the env_keep or env_delete lists specially so you can
> already match on the full environment string.

My mistake, the check for bash functions comes before the env_keep
checks.  So further changes will be needed after all.

 - todd

More information about the sudo-users mailing list