Bug 18 – Defaults secure_path in /etc/sudoers read too late

Bug 18 - Defaults secure_path in /etc/sudoers read too late


Summary:	Defaults secure_path in /etc/sudoers read too late

Status:	RESOLVED FIXED

Product:	Sudo
Classification:	Unclassified
Component:	Sudo
Version:	1.6.4
Hardware:	Sun All

Importance:	normal normal
Assigned To:	Todd C. Miller

URL:

Duplicates:	26 (view as bug list)
Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2000-11-23 13:12 MST by simonl
Modified:	2004-11-12 13:56 MST (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description simonl 2000-11-23 13:12:15 MST

If you set "Defaults secure_path=blah" in /etc/sudoers, it isn't used by
find_path() when looking for the command to run, because find_path is called
before the sudoers file has been read.

Comment 1 Todd C. Miller 2000-12-08 09:55:59 MST

This is a tough one to fix since the path to the program to be looked up has to
be set before parsing sudoers.  A two-pass reading of sudoers may be required,
one for the defaults and another for permissions check.

Comment 2 Todd C. Miller 2001-02-19 07:40:59 MST

*** Bug 26 has been marked as a duplicate of this bug. ***

Comment 3 Todd C. Miller 2004-11-12 09:56:34 MST

The next major release of sudo (1.6.9 or 1.7.0) will have a new parser and the secure_defaults 
runtime option will be restored.