Bug 1014

Summary: sudo manpage incorrectly claims PATH is passed unchanged
Product: Sudo Reporter: Marc Haber <mh+sudo-bugzilla>
Component: DocumentationAssignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED FIXED    
Severity: normal    
Priority: low    
Version: 1.9.8   
Hardware: PC   
OS: Linux   

Description Marc Haber 2021-12-11 01:10:44 MST
Hi,

this is Debian Bug #659101, https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659101, filed by Arnout Engelen

------
The sudo manpage, in the SECURITY NOTES section, mentions that:

  the actual PATH environment variable is not modified and is passed unchanged
  to the program that sudo executes

Whether this is true, however, depends on the configuration (i.e. 'secure 
path'). The docs should mention that.

See also http://stackoverflow.com/questions/257616/sudo-changes-path-why
------

Greetings
Marc
Comment 1 Todd C. Miller 2021-12-11 09:08:42 MST
I've updated the SECURITY NOTES section in commit https://www.sudo.ws/repos/sudo/rev/4f7035d6b921
Comment 2 Todd C. Miller 2022-01-27 19:48:50 MST
The changes are present in the 1.9.9 release.