--- env.c.default_whitelist 2006-08-31 10:42:20.876139632 -0600
+++ env.c 2006-08-31 10:42:20.876139632 -0600
@@ -89,6 +89,8 @@ static char *format_env __P((char *, ..
static const char *initial_badenv_table[] = {
"IFS",
"CDPATH",
+ "SHELLOPTS",
+ "PS4",
"LOCALDOMAIN",
"RES_OPTIONS",
"HOSTALIASES",
@@ -134,6 +136,7 @@ static const char *initial_checkenv_tabl
"LC_*",
"LANG",
"LANGUAGE",
+ "TERM",
NULL
};
@@ -359,6 +362,14 @@ rebuild_env(envp, sudo_mode, noexec)
break;
}
}
+
+ if (!strncmp (*ep, "DISPLAY=",8)
+ || !strncmp (*ep, "XAUTHORITY=", 11)
+ || !strncmp (*ep, "XAUTHORIZATION=", 15)
+ || !strncmp (*ep, "LANG=", 5)
+ || !strncmp (*ep, "LANGUAGE=", 9)
+ || !strncmp (*ep, "LC_", 3))
+ keepit = 1;
/* For SUDO_PS1 -> PS1 conversion. */
if (strncmp(*ep, "SUDO_PS1=", 8) == 0)
--- sudo.c.default_whitelist 2005-03-24 18:56:41.000000000 -0700
+++ sudo.c 2006-08-31 11:19:46.538037412 -0600
@@ -696,7 +696,9 @@ parse_args(argc, argv)
SET(rval, (MODE_IMPLIED_SHELL | MODE_SHELL));
return(rval);
}
-
+
+ /* force env_reset to be always active */
+ def_env_reset = TRUE;
while (NewArgc > 0 && NewArgv[0][0] == '-') {
if (NewArgv[0][1] != '\0' && NewArgv[0][2] != '\0')
warnx("please use single character options");
--- sudoers.default_whitelist 2006-08-31 10:44:32.592901267 -0600
+++ sudoers 2006-08-31 10:44:32.592901267 -0600
@@ -12,6 +12,7 @@
# Cmnd alias specification
# Defaults specification
+# Defaults syslog=auth
# Runas alias specification
--- sudoers.pod.default_whitelist 2006-08-31 10:46:21.895943173 -0600
+++ sudoers.pod 2006-08-31 10:46:21.895943173 -0600
@@ -437,12 +437,19 @@
If set, B<sudo> will reset the environment to only contain the
following variables: C<HOME>, C<LOGNAME>, C<PATH>, C<SHELL>, C<TERM>,
+C<DISPLAY>, C<XAUTHORITY>, C<XAUTHORIZATION>,
+C<LANG>, C<LANGUAGE>, C<LC_*>,
and C<USER> (in addition to the C<SUDO_*> variables).
-Of these, only C<TERM> is copied unaltered from the old environment.
+
+Of these, only C<TERM>, C<DISPLAY>, C<XAUTHORITY>, C<XAUTHORIZATION>,
+C<LANG>, C<LANGUAGE>, and C<LC_*> are copied unaltered from the old environment.
The other variables are set to default values (possibly modified
by the value of the I<set_logname> option). If B<sudo> was compiled
with the C<SECURE_PATH> option, its value will be used for the C<PATH>
environment variable.
+
+This option is enabled by default.
+
Other variables may be preserved with the I<env_keep> option.
=item use_loginclass
--- sudo.pod.default_whitelist 2006-08-31 11:18:10.697339776 -0600
+++ sudo.pod 2006-08-31 11:18:10.697339776 -0600
@@ -205,8 +205,9 @@
being run as. The command name argument given to the shell begins
with a C<-> to tell the shell to run as a login shell. B<sudo>
attempts to change to that user's home directory before running the
-shell. It also initializes the environment, leaving I<TERM>
-unchanged, setting I<HOME>, I<SHELL>, I<USER>, I<LOGNAME>, and
+shell. It also initializes the environment, leaving I<TERM>,
+I<DISPLAY>, I<XAUTHORITY>, I<XAUTHORIZATION>, I<LANG>, I<LANGUAGE>, and
+I<LC_*> unchanged, setting I<HOME>, I<SHELL>, I<USER>, I<LOGNAME>, and
I<PATH>, and unsetting all other environment variables. Note that
because the shell to use is determined before the I<sudoers> file
is parsed, a I<runas_default> setting in I<sudoers> will specify
