[sudo-workers] sudo .ldaprc handling

Andrea Barisani lcars at gentoo.org
Mon Dec 19 02:59:20 EST 2005

Hi folks,

while dealing with the following bug
http://bugs.gentoo.org/show_bug.cgi?id=107634 someone pointed out this
fragment of code in relation to it from env.c:

#ifdef HAVE_LDAP
     * Prevent OpenLDAP from reading any user dotfiles
     * or files in the current directory.
    if (nep < ne_last)
	*nep++ = "LDAPNOINIT=1";
	errx(1, "internal error, attempt to write outside newenv");

It's suspected to be related to that bug, but honestly I don't think that's
the case. Anyway my question is, what's exactly the purpose of this?

Sudo is setuid and it runs as root, it's never meant to open any
/home/$user/.ldaprc file in the first place and only root's one if any will 
be considered as expected. Am I missing something?


Andrea Barisani <lcars at gentoo.org>                            .*.
Gentoo Linux Infrastructure Developer                          V
                                                             (   )
PGP-Key 0x864C9B9E http://dev.gentoo.org/~lcars/pubkey.asc   (   )
    0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E        ^^_^^
      "Pluralitas non est ponenda sine necessitate"

More information about the sudo-workers mailing list