First Last Prev Next    This bug is not in your last search results.
Bug 161 - Sudo clears KRB5CCNAME before doing passwd lookups
Sudo clears KRB5CCNAME before doing passwd lookups
Status: RESOLVED FIXED
Product: Sudo
Classification: Unclassified
Component: Sudo
1.6.7
PC All
: normal normal
Assigned To: Todd C. Miller
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2004-11-17 03:31 MST by Ian Grant
Modified: 2004-11-17 13:17 MST (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Ian Grant 2004-11-17 03:31:58 MST 
Sudo clears the environment of all but a few known variables (HOME etc) before
doing user lookups with getpwent etc. This is a problem when something like
nss_ldap is configured for password table lookups using GSSAPI authentication
because the user's credentials may be needed to do the lookup. getXXXent calls
should be done before the environment is cleared.

This is a problem with 1.6.7p5 (as shipped with SuSE 9.2) and I would guess
1.6.8 as well.
Comment 1 Todd C. Miller 2004-11-17 09:17:48 MST 
I'm going take the conservative approach and just add KRB5CCNAME to the list of variables 
preserved.
First Last Prev Next    This bug is not in your last search results.