[sudo-workers] sudo .ldaprc handling
Andrea Barisani
lcars at gentoo.org
Mon Dec 19 02:59:20 EST 2005
Hi folks,
while dealing with the following bug
http://bugs.gentoo.org/show_bug.cgi?id=107634 someone pointed out this
fragment of code in relation to it from env.c:
#ifdef HAVE_LDAP
    /*
     * Prevent OpenLDAP from reading any user dotfiles
     * or files in the current directory.
     *
     */
    if (nep < ne_last)
        *nep++ = "LDAPNOINIT=1";
    else
        errx(1, "internal error, attempt to write outside newenv");
#endif
It's suspected to be related to that bug, but honestly I don't think that's
the case. Anyway, my question is: what exactly is the purpose of this?
Sudo is setuid and it runs as root; it's never meant to open any
/home/$user/.ldaprc file in the first place, and only root's one, if any, will
be considered, as expected. Am I missing something?
Cheers
--
Andrea Barisani <lcars at gentoo.org> .*.
Gentoo Linux Infrastructure Developer V
( )
PGP-Key 0x864C9B9E http://dev.gentoo.org/~lcars/pubkey.asc ( )
0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E ^^_^^
"Pluralitas non est ponenda sine necessitate"