Bugzilla – Bug 387
Keeps incorrect MAIL env var
Last modified: 2010-08-02 15:05:24 MDT
Hey

(I initially reported this bug in Ubuntu https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/507934 )

If I log in over ssh as initialuser to a server and "sudo -i -u anotheruser" or "sudo -s -u anotheruser", MAIL= is set to /var/mail/initialuser which means that e.g. mail/mailx/mutt or even zsh are using the wrong mailbox.

It seems that MAIL is set in either of these ways:
- sshd sets it (apparently by default; not sure how to override)
- pam_mail sets it unless noenv is passed in the PAM config; the default PAM config for "login" and "su" use pam_mail without noenv and the default config of sshd uses pam_mail *with* noenv
- some custom shell config might set it

I see that MAIL is listed in the list of env vars to keep by default; I think various vars such as HOME are kept so that the program launched by sudo acts on files from the launching user, or using e.g. its XAUTHORITY credentials. Following this rationale, it probably makes sense to do that. However when opening an interactive session, it might make less sense.

If I compare:
    sudo env | grep $USER
to:
    sudo -i env | grep $USER
I see that HOME is only kept in non-interactive sessions. I suspect it would make sense to do something similar for MAIL in interactive session.

It's probably less simple to compute MAIL than HOME, but it might be possible to handle this with pam_mail.

sshd does compute MAIL, so it disables pam_mail's MAIL computation:
    session optional pam_mail.so standard noenv
which will produce output if some mail is available in $MAIL but not if it's empty. (MAIL computation is a basedir + username, the basedir is configured at build time)

login uses a plain call:
    session optional pam_mail.so standard
and su is the most interesting one:
    session optional pam_mail.so nopen
(output is disabled)

I wonder what would make sense for sudo; perhaps the su approach or perhaps using two PAM files (one for interactive and one for non-interactive sessions) or perhaps just like sshd it should compute MAIL itself just like HOME. I think all three kind of make sense; probably the third is the least intrusive and matches HOME; it's also easier to only do that for interactive session.

What do you think?

Thanks,
In sudo 1.7.4, MAIL will be set based on the target user when the -i option is specified on the command line or when the sudoers option env_reset is enabled (which is the default).
Sudo 1.7.4 is out now and fixes this problem.
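
Added example, not part of the original bug report and not sudo's own code: a shell check that generalizes the reporter's "sudo -i env | grep $USER" comparison by listing every variable in an env dump that still names the invoking user as a whole value or path component. The function names, the sample environment and the /home/anotheruser path are constructed for illustration; SUDO_* variables are skipped because sudo sets them to describe the invoking user on purpose.

```sh
#!/bin/sh
# stale_user_vars INVOKING_USER
# Reads `env` output (NAME=value lines) on stdin and prints the name of each
# variable whose value still names INVOKING_USER, either as the whole value
# or as one component of a path or colon-separated list.
stale_user_vars() {
    awk -v user="$1" '
        {
            eq = index($0, "=")
            if (eq < 2) next                  # not a NAME=value line
            name  = substr($0, 1, eq - 1)
            value = substr($0, eq + 1)
            if (name ~ /^SUDO_/) next         # SUDO_USER etc. record the invoker by design
            n = split(value, parts, "[/:]")   # split on path and list separators
            for (i = 1; i <= n; i++)
                if (parts[i] == user) { print name; break }
        }
    '
}

# Constructed sample: the environment described in the report after
# "sudo -i -u anotheruser" on an affected sudo (values are illustrative).
sample_env() {
    cat <<'EOF'
USER=anotheruser
LOGNAME=anotheruser
HOME=/home/anotheruser
MAIL=/var/mail/initialuser
SUDO_USER=initialuser
SHELL=/bin/bash
EOF
}

# Against a live system the same check would be fed from sudo itself, with
# $USER expanded by the invoking shell:
#   sudo -i -u anotheruser env | stale_user_vars "$USER"
sample_env | stale_user_vars initialuser
```

An empty result means no variable other than the SUDO_* ones still points at the invoking user's files.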