Bug 668

Summary: Variables being removed from operating environment despite !env_reset
Product: Sudo
Reporter: philburg2
Component: Sudo
Assignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED INVALID
Severity: normal
CC: philburg2
Priority: low
Version: 1.8.9
Hardware: IBM
OS: AIX

Description philburg2 2014-10-03 09:21:09 MDT
Overview: Recently a customer whose sudo we upgraded from 1.6.6 to 1.8.9p5 complained that their scripts weren't working.  An sftp function was failing because the related path to the binary was being lost.  This operating path was contained in a variable called FPATH. !env_reset was in the defaults of the sudoers file, so I expected the variable to persist.

Steps to Reproduce: Set a variable called FPATH, have that variable be set by a user's .profile, launch a script that calls another script with a sudo call, as another user, echoing the variable.  Most likely the variable will be blank despite it existing in the original wrapper script.

Actual Results: SFTP not found, RC 127 for program, FPATH blank.

Expected Results: SFTP completed with RC=0, FPATH with appropriate binary path.

Build Date & Hardware: Sudo 1.8.9p5 AIX, pre-compiled into bff

Current workaround:  By adding an env_delete -="FPATH" the script works

Request: It's my understanding that !env_reset should be all inclusive of variables, please investigate why the variable may have been lost.  Thank you.

-Phil

Comment 1 Todd C. Miller 2014-10-03 09:59:55 MDT
By default, sudo uses a whitelist for environment variables when env_reset is enabled.  When env_reset is disabled, a blacklist of potentially dangerous variables is used instead, which is contained in the env_delete list.  FPATH is on that blacklist by default.  You can see the contents of the list by running "sudo -V" as root.  From the manual:

     env_delete        Environment variables to be removed from the user's
                       environment when the env_reset option is not in effect.
                       The argument may be a double-quoted, space-separated
                       list or a single value without double-quotes.  The list
                       can be replaced, added to, deleted from, or disabled by
                       using the =, +=, -=, and ! operators respectively.  The
                       default list of environment variables to remove is
                       displayed when sudo is run by root with the -V option.
                       Note that many operating systems will remove
                       potentially dangerous variables from the environment of
                       any setuid process (such as sudo).
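
An added example (not part of the bug report or of sudo itself): a shell check for whether a variable such as FPATH is on the env_delete list, run here against a constructed sample of `sudo -V` output. The section heading layout and the list entries other than FPATH are assumptions, and the function names are hypothetical.

```shell
# Constructed sample of `sudo -V` output as root. The heading layout is an
# assumption; the entries are an illustrative subset, not sudo's real list.
sample_sudo_V() {
cat <<'EOF'
Environment variables to remove:
	IFS
	LD_*
	FPATH
Environment variables to preserve:
	DISPLAY
	TERM
EOF
}

# list_env_delete: read `sudo -V` output on stdin and print the entries of
# the "Environment variables to remove" section, one per line.
list_env_delete() {
    awk '
        /^Environment variables to remove:/ { in_sec = 1; next }
        /^[^ \t]/                           { in_sec = 0 }
        in_sec { sub(/^[ \t]+/, ""); if ($0 != "") print }
    '
}

# is_removed NAME: succeed if NAME matches an entry read from stdin.
# Entries may contain "*" wildcards (e.g. LD_*), so match with case globbing.
is_removed() {
    name=$1
    while IFS= read -r pat; do
        case $name in
            $pat) return 0 ;;
        esac
    done
    return 1
}

# check_var NAME: report whether NAME would be stripped when env_reset is off.
check_var() {
    if sample_sudo_V | list_env_delete | is_removed "$1"; then
        echo "$1: removed (on env_delete list)"
    else
        echo "$1: passed through"
    fi
}

check_var FPATH
check_var LD_PRELOAD
check_var HOME
```

On a real host, replace `sample_sudo_V` with `sudo -V` run as root. In sudoers syntax, the reporter's workaround is the line `Defaults env_delete -= "FPATH"`, which takes FPATH off the list for every command that sudoers entry covers.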