Bug 66043 - sudo removes environment variables
Summary: sudo removes environment variables
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: sudo
Version: 7.3
Hardware: i686
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Thomas Woerner
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2002-06-04 21:48 UTC by Bertil Askelid
Modified: 2007-10-01 19:20 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2004-11-22 10:26:38 UTC
Embargoed:


Attachments (Terms of Use)
Script file for `x' (165 bytes, text/plain)
2002-06-04 21:50 UTC, Bertil Askelid
no flags Details
Script file for `y' (195 bytes, text/plain)
2002-06-04 21:52 UTC, Bertil Askelid
no flags Details

Description Bertil Askelid 2002-06-04 21:48:27 UTC
Description of Problem:

	sudo removes certain environment variables from a process.
	The following little scripts exemplifies exactly what is
	happening: see attached `x' and `y'.

	Run `x' and you see:

		~> ./x
		Password:
		X = x
		Y = y
		Z = z
		LOCAL is undefined
		TMP is undefined
		RE is undefined
		TM is undefined
		~> 

Version-Release number of selected component (if applicable):

	sudo-1.6.5p2-2

How Reproducible:

	Always

Steps to Reproduce:
1. run `./x' on command line
2. 
3. 

Actual Results:


Expected Results:


Additional Information:

Comment 1 Bertil Askelid 2002-06-04 21:50:24 UTC
Created attachment 59705 [details]
Script file for `x'

Comment 2 Bertil Askelid 2002-06-04 21:52:14 UTC
Created attachment 59706 [details]
Script file for `y'

Comment 3 Bernhard Rosenkraenzer 2002-06-10 15:53:07 UTC
This is intentional. 
Current versions of sudo clear the environment except for a couple of known 
safe variables to prevent security leaks (e.g. buffer overruns by passing 
invalid arguments to an application or stuff like export 
LD_PRELOAD=givemearootshell.so; sudo something_you_may_do). 


Comment 4 Trevin Beattie 2007-10-01 17:51:42 UTC
Please add this behavior to the sudo man page, and provide a mechanism for
passing specific environment variables to the process.


Comment 5 Trevin Beattie 2007-10-01 19:20:02 UTC
Disregard the second part of that request; I found it in the sudoers file.  Just
please document what you did in the man page.



Note You need to log in before you can comment on or make changes to this bug.