Bug 459 - !env_reset and env_keep are mutually exclusive
Status: RESOLVED INVALID
Product: Sudo
Classification: Unclassified
Component: Sudo
Version: 1.7.4
Hardware: Sun Solaris 2.x
Importance: low normal
Assigned To: Todd C. Miller
Reported: 2010-12-30 12:04 MST by chesneyb
Modified: 2011-01-28 16:26 MST (History)
Description chesneyb 2010-12-30 12:04:37 MST
If I implement

Default !env_reset
and 
Defaults env_keep += PERL5LIB

The env_keep statement does not work.
If I do env_keep and do not use !env_reset, env_keep works.
Although many will immediately complain about the security issues ref using PERL5LIB in this manner, I can only suggest that security is not the problem here.  The problem is that for specific scenarios, we can not use !env_reset and env_keep at the same time in order to pass specific variables through.  Let the Admin worry about the security, please allow the feature.

Am I correct in assuming that this is a bug?
Comment 1 Todd C. Miller 2011-01-28 16:26:50 MST
env_keep is only intended to be used in conjunction with env_reset.  For the !env_reset case you can remove items from the env_delete blacklist instead.  E.g.

Defaults !env_reset
Defaults env_delete -= "PERL5LIB"
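
A simplified model of the two filtering modes discussed in this report, as an added example that is not part of the original bug thread and is not sudo's own code. The default lists are a constructed subset (that PERL5LIB is on the default env_delete blacklist is assumed from comment 1), and apply_defaults, filter_env and USER_ENV are hypothetical names.

```python
from fnmatch import fnmatchcase

# Constructed subset of a default env_delete blacklist (assumption: PERL5LIB
# is on it, as the "env_delete -= PERL5LIB" advice in comment 1 implies).
DEFAULT_ENV_DELETE = {"IFS", "LD_*", "PERLLIB", "PERL5LIB", "PERL5OPT"}
DEFAULT_ENV_KEEP = {"DISPLAY", "PATH", "TERM"}  # constructed subset


def apply_defaults(lines):
    """Parse the few 'Defaults' forms used in this bug into a policy dict."""
    policy = {"env_reset": True,
              "env_keep": set(DEFAULT_ENV_KEEP),
              "env_delete": set(DEFAULT_ENV_DELETE)}
    for line in lines:
        setting = line.split(None, 1)[1].strip()  # drop the "Defaults" keyword
        if setting in ("env_reset", "!env_reset"):
            policy["env_reset"] = not setting.startswith("!")
            continue
        for op in ("+=", "-="):
            if op in setting:
                name, value = (s.strip() for s in setting.split(op, 1))
                names = set(value.strip('"').split())
                if op == "+=":
                    policy[name] |= names
                else:
                    policy[name] -= names
                break
    return policy


def filter_env(env, policy):
    """Return the environment the command would see under this model."""
    def matches(var, patterns):
        return any(fnmatchcase(var, p) for p in patterns)
    if policy["env_reset"]:
        # Whitelist mode: only variables matching env_keep survive.
        return {k: v for k, v in env.items() if matches(k, policy["env_keep"])}
    # Blacklist mode: env_keep is never consulted, only env_delete.
    return {k: v for k, v in env.items() if not matches(k, policy["env_delete"])}


# Constructed invoking-user environment.
USER_ENV = {"PATH": "/usr/bin", "PERL5LIB": "/opt/lib/perl5",
            "LD_LIBRARY_PATH": "/opt/lib", "EDITOR": "vi"}
```

Under this model, `!env_reset` also lets through every variable not on the blacklist (EDITOR in the sample), whereas `env_reset` with `env_keep += PERL5LIB` passes only the listed names.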