Bug 92

Summary: wishlist: make real UID visible in a secure way
Product: Sudo
Reporter: era+sudo
Component: Sudo
Assignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED WORKSFORME
Severity: enhancement
Priority: normal
Version: 1.6.6
Hardware: PC
OS: Linux

Description era+sudo 2002-07-29 04:44:08 MDT
For writing utilities that take advantage of the sudo functionality, it would be
great if sudo itself would make some information visible e.g. through
environment variables.

As it is now, there is no way to be sure that what is in the environment was put
there in a controlled fashion. If sudo would make sure to zap preexisting values
of certain variables, and fill them in with certifiably correct information, it
would be rather easy to write e.g. an "editor plug-in" to replace and enhance
visudo. (See bug #91.)

However, presently this is very hard to do securely using sudo -- you'd have to
essentially duplicate the privilege and authentication mechanisms of sudo to
provide something similar.

This is sketchy at this point, but I'd love to be able to make a script like the
following (off the top of my head -- not tested at all):

  #!/usr/bin/perl
  use strict;
  use warnings;

  # REALUID/REALGID are the values this wishlist asks sudo to provide
  my ($uid, $gid) = ($ENV{"REALUID"}, $ENV{"REALGID"});

  # do something which requires root privs

  chown ($uid, $gid, "somefile") or die "chown: $!";

  # now drop privileges: change only the effective ids, so the saved
  # set-user-ID stays root and we can come back later; group first, since
  # an unprivileged effective uid could no longer change the gid
  $) = "$gid $gid";
  $> = $uid;

  # now do something less secure (system returns 0 on success)
  system ($ENV{"EDITOR"} || $ENV{"VISUAL"}
     || "c:\\winnt\\system\\notepad.exe"  # just kidding :-)
      , "somefile") == 0 or die "Couldn't, sorry";

  # regain privileges (effective ids back to root via the saved uid)
  $> = 0;
  $) = "0 0";

  # restore ownership (chown takes uid then gid)
  chown (0, 0, "somefile") or die "chown: $!";

which could then be invoked as

  sudo dosomething

and give a sane environment where REALUID, REALGID, and probably also VISUAL and
EDITOR are set up to contain sanitized values (or nothing). In case it's not
obvious, the REALUID and REALGID variables should contain the UID and GID of the
user who invoked sudo in the first place.
Comment 1 Todd C. Miller 2002-12-13 10:09:26 MST
Sudo currently sets the following environment variables:
    SUDO_COMMAND - the command run by sudo
    SUDO_USER    - the login name of the invoking user
    SUDO_UID     - the SUDO_USER's uid (from the password database)
    SUDO_GID     - the SUDO_USER's gid (from the password database)

Isn't that sufficient?
Comment 2 Todd C. Miller 2004-01-21 15:58:42 MST
Sudo already sets environment variables that have this info.
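As an added example (not code from the bug report or from sudo itself), a Python script that uses the SUDO_USER/SUDO_UID/SUDO_GID variables Todd lists in Comment 1 the way the reporter wanted REALUID/REALGID used: it refuses to run unless it really is root and the three variables agree with the password database (anyone can export SUDO_UID in a shell that was not started by sudo), does the root work, then runs the editor as the invoking user. invoking_user(), sudo_env_ok(), edit_as_user() and the constructed FAKE_PASSWD table are this example's own assumptions.

```python
import collections
import os
import pwd
import subprocess
import sys

def invoking_user(env, resolve=pwd.getpwnam, euid=None):
    """(uid, gid, name) of the user who invoked sudo; raises if untrusted.
    Requires euid 0 (sudo really started us) and SUDO_UID/SUDO_GID equal to
    the passwd entry for SUDO_USER, which is where sudo takes them from.
    `resolve`/`euid` are parameters so the check can run without root."""
    euid = os.geteuid() if euid is None else euid
    if euid != 0:
        raise PermissionError("not root, so SUDO_* cannot be trusted")
    try:
        name = env["SUDO_USER"]
        uid, gid = int(env["SUDO_UID"]), int(env["SUDO_GID"])
    except (KeyError, ValueError) as e:
        raise ValueError("SUDO_USER/SUDO_UID/SUDO_GID missing or malformed") from e
    pw = resolve(name)  # KeyError if SUDO_USER is unknown to the passwd database
    if (pw.pw_uid, pw.pw_gid) != (uid, gid) or uid == 0:
        raise ValueError("SUDO_UID/SUDO_GID disagree with passwd entry, or caller is root")
    return uid, gid, name

def sudo_env_ok(env, resolve=pwd.getpwnam, euid=None):
    try:
        invoking_user(env, resolve, euid)
        return True
    except (PermissionError, ValueError, KeyError):
        return False

def edit_as_user(path, uid, gid, editor="/usr/bin/vi"):
    """chown to the caller, run the editor with privileges dropped in the child
    only (user=/group= do setgid/setuid before exec, Python 3.9+), chown back."""
    os.chown(path, uid, gid)
    rc = subprocess.call([editor, path], user=uid, group=gid, extra_groups=[gid])
    os.chown(path, 0, 0)  # the parent never gave up root, so this still works
    return rc

# Constructed stand-in for the password database, for offline checks only.
_PW = collections.namedtuple("_PW", "pw_uid pw_gid")
FAKE_PASSWD = {"era": _PW(1000, 1000), "root": _PW(0, 0)}
fake_resolve = FAKE_PASSWD.__getitem__  # raises KeyError like pwd.getpwnam

if __name__ == "__main__":
    try:
        uid, gid, name = invoking_user(os.environ)
    except (PermissionError, ValueError, KeyError) as e:
        sys.exit("refusing to run: %s" % e)
    sys.exit(edit_as_user(sys.argv[1] if len(sys.argv) > 1 else "somefile", uid, gid))
```

Run it as `sudo ./script.py somefile`; started any other way, invoking_user() rejects the environment before anything is touched.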