Bug 18

Summary: Defaults secure_path in /etc/sudoers read too late
Product: Sudo Reporter: simonl
Component: SudoAssignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED FIXED    
Severity: normal    
Priority: normal    
Version: 1.6.4   
Hardware: Sun   
OS: All   

Description simonl 2000-11-23 13:12:15 MST 
If you set "Defaults secure_path=blah" in /etc/sudoers, it isn't used by
find_path() when looking for the command to run, because find_path is called
before the sudoers file has been read.
Comment 1 Todd C. Miller 2000-12-08 09:55:59 MST 
This is a tough one to fix since the path to the program to be looked up has to
be set before parsing sudoers.  A two-pass reading of sudoers may be required,
one for the defaults and another for permissions check.
Comment 2 Todd C. Miller 2001-02-19 07:40:59 MST 
*** Bug 26 has been marked as a duplicate of this bug. ***
Comment 3 Todd C. Miller 2004-11-12 09:56:34 MST 
The next major release of sudo (1.6.9 or 1.7.0) will have a new parser and the secure_defaults 
runtime option will be restored.