[sudo-users] security bug -- sudo undefines functions in environment
Todd C. Miller
Todd.Miller at courtesan.com
Wed Aug 6 14:46:18 MDT 2014
On Wed, 06 Aug 2014 14:23:31 -0600, "Todd C. Miller" wrote:
> Funny thing, this already works. The matching code doesn't treat
> a '=' in the env_keep or env_delete lists specially so you can
> already match on the full environment string.
My mistake, the check for bash functions comes before the env_keep
checks. So further changes will be needed after all.
- todd
More information about the sudo-users
mailing list