Contributed by dwc on from the make-me-a-sandwich dept.
Todd C. Miller (millert@) wrote to several lists to make the following announcement:
I have just committed sudo 1.6.9p1 to the OpenBSD tree. The biggest change in 1.6.9p1 that will affect folks is the environment handling. Previously, sudo would pass the existing environment through to the command to be run after pruning out some variables that were potentially dangerous. Unfortunately, "potentially dangerous" is a more or less infinite set these days. As a result, the default in 1.6.9p1 is to reset the environment to a small default with only certain variables preserved from the previous environment.
Read on for important details and configuration hints...
This is totally configurable in sudoers and there are several ways to deal with it.

1) Change the default back to the way it was with a line like:

    Defaults !env_reset

   in sudoers.

2) Add the variables you need to have preserved to the env_keep list. E.g.

    Defaults env_keep += "DESTDIR RELEASEDIR FLAVOR"

3) Use the SETENV tag on commands or the setenv Defaults options. E.g.

    %wheel ALL = (ALL) SETENV: ALL

   then use "sudo -E" when you need to preserve the environment or specify the variables on the command line using sudo:

    $ sudo DESTDIR=/home/dst RELEASEDIR=/home/rel make release

The default sudoers file will have a commented out entry for the wheel group like #3.

I've been using sudo with the environment resetting myself for two years now and several of the Linux distributions make this the default as well so it shouldn't be a huge deal.

 - todd
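An added example, not part of the announcement and not sudo's own code: a simplified Python model of the old prune-by-name policy next to the new reset-and-keep policy, including the env_keep, SETENV and "sudo -E" options listed above. The function name, the variable lists and the NEWTOOL_PLUGINS variable are assumptions made up for illustration; they are not sudo's real defaults.

```python
# Simplified model of the two policies in the announcement; not sudo's code.
# Both name lists are constructed for illustration, not sudo's real defaults.
DENYLIST = {"LD_PRELOAD", "IFS"}           # old style: prune known-bad names
BASELINE_KEEP = {"PATH", "TERM", "HOME"}   # new style: small preserved set


def build_env(caller_env, env_reset=True, env_keep=(), setenv=False,
              preserve=False, assignments=None):
    """Return the environment the command would see under this model.

    env_reset   -- True: start empty, copy only kept names (allowlist).
                   False: copy everything except DENYLIST (denylist).
    env_keep    -- extra names, as in 'Defaults env_keep += "..."'.
    setenv      -- the matching sudoers rule carries the SETENV tag.
    preserve    -- the caller asked for 'sudo -E'.
    assignments -- VAR=value pairs given on the sudo command line.
    """
    keep = BASELINE_KEEP | set(env_keep)
    if preserve and not setenv:
        raise PermissionError("-E requires SETENV in this model")
    if preserve or not env_reset:
        env = {k: v for k, v in caller_env.items() if k not in DENYLIST}
    else:
        env = {k: v for k, v in caller_env.items() if k in keep}
    for name, value in (assignments or {}).items():
        # Without SETENV, a command-line variable must itself pass the policy.
        ok = setenv or (name in keep if env_reset else name not in DENYLIST)
        if not ok:
            raise PermissionError(f"not allowed to set {name}")
        env[name] = value
    return env


# Constructed caller environment. NEWTOOL_PLUGINS is a hypothetical variable
# that some tool honours but that nobody has added to the denylist yet.
CALLER = {"PATH": "/usr/bin:/bin", "TERM": "xterm", "DESTDIR": "/home/dst",
          "RELEASEDIR": "/home/rel", "NEWTOOL_PLUGINS": "/tmp/plugins"}

if __name__ == "__main__":
    cases = [("!env_reset", {"env_reset": False}),
             ("env_reset", {}),
             ("env_keep", {"env_keep": ["DESTDIR", "RELEASEDIR"]}),
             ("SETENV + -E", {"setenv": True, "preserve": True})]
    for label, kwargs in cases:
        print(f"{label:12} -> {sorted(build_env(CALLER, **kwargs))}")
```

In this model the unknown variable reaches the command only under "!env_reset" or an explicit "-E", which is the gap the new default closes.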
By Anonymous Coward (74.14.137.225) on
Comments
By Chl (82.240.25.187) on
I think it's because this is sudo and not OpenSudo.
By Anonymous Coward (74.14.137.225) on
>
> I think it's because this is sudo and not OpenSudo.
In a way it is actually, since not only is it developed by an OpenBSD developer, but it is an opened up version of sudo, which had previously been less liberal in terms.
By Anonymous Coward (128.171.90.200) on
http://www.gratisoft.us/sudo/history.html
By Anonymous Coward (74.14.137.225) on
>
> http://www.gratisoft.us/sudo/history.html
And that corroborates my little blurb, it had been GPLed, but Todd de-GNUed it.
By Anonymous Coward (128.171.90.200) on
By Anonymous Coward (140.226.197.139) on
By Anonymous Coward (85.178.73.24) on
No matter if it deals with data protection or "real" security.
Does ustar have to disclose System-Accounts?
Does mkhybrid have to name itself and the commands used in the ISO Headers?
In fact: No...
So these sudo Changes are a step in the right direction