Bug 835

Summary: inconsistently refusing to combine -i -E when accepting -i and env_keep
Product: Sudo
Component: Sudo
Reporter: Eli Schwartz <eschwartz>
Assignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED FIXED
Severity: normal
Priority: low
CC: evangelos
Version: 1.8.23
Hardware: PC
OS: Linux

Description Eli Schwartz 2018-05-16 07:37:02 MDT
Regression since changeset b511e35d9be4 although arguably by design. :p

I don't understand why these two options should be deemed mutually exclusive, though this changeset merely served to ensure existing codepaths were properly triggered... I think the original intent is wrong.

It's inconsistent behavior to allow env_keep to preserve environment variables when using --login, but then refuse to allow it when using --preserve-env. If these options are really considered to be incompatible, then keep_env should not work either...

However! The sudoers manpage explicitly states:

All other environment variables are removed unless permitted by env_keep or env_check, described above.

This indicates that adding additional to-be-kept variables to the base --login policy is an expected behavior, and as I understand --preserve-env to be equal in all ways to keep_env, it shouldn't be arbitrarily restricted in additional ways.

Note: we use(d) this on Arch Linux in https://git.archlinux.org/devtools.git/commit/?id=eab5aba9b027a7689acaf2382a04ff69b5b8771e but it just broke with the package update to sudo 1.8.23-1 (this bug report is incorrectly marked as affecting 1.8.22 but there is no option to select 1.8.23).

The manpage does not seem to indicate these options are incompatible or meant to be incompatible, and it successfully passed our environment variable down to the command that needed it, so I expected this to work by design.
Comment 1 Todd C. Miller 2018-05-16 09:15:54 MDT
The original intent was to prevent the use of -i along with -E, since it doesn't make much sense to try to preserve nothing and everything.  In the old days, -i implied env_reset whereas -E implied env_keep.

However, the newer --preserve-env=VARIABLE syntax is actually equivalent to passing VARIABLE=value to sudo and so should be allowed.  This is fixed in https://www.sudo.ws/repos/sudo/rev/8ea75ca8fbd2
Comment 2 Eli Schwartz 2018-05-16 09:19:58 MDT
Thanks for the rapid fix!
Comment 3 Todd C. Miller 2018-08-18 13:26:43 MDT
Fixed in sudo 1.8.24, available now.