Hi again! Bdale Garbee [2006-01-11 22:04 -0700]: > On Wed, 2006-01-11 at 16:38 +0100, Martin Schulze wrote: > > > Bdale, what do you think? > > I'm ok with it. Does someone have a patch representing this behavior?
I now finished the first version of the patch [1]. Please note that I tried to keep the patch small; if this should be accepted upstream, then env.c should be cleaned up severely. I did the same changes to the LDAP backend; the change is fairly straightforward, but I did not test it. I programmed it defensively, so the worst that can happen is that your environment is slaughtered even if you can execute "ALL" commands. Does someone of you happen to use sudo with LDAP? I would highly appreciate some more pairs of eyes on the patch, though. > What upstream shipped for p12, plus env_reset added to sudoers when > nothing already exists and we're creating one from scratch. I disabled the addition of env_reset in Ubuntu, since it doesn't help for upgrades and would annoy real admins (with no command restriction) too much, BTW. Thanks for considering, Martin [1] http://patches.ubuntu.com/patches/sudo.envhandling.patch -- Martin Pitt http://www.piware.de Ubuntu Developer http://www.ubuntu.com Debian Developer http://www.debian.org In a world without walls and fences, who needs Windows and Gates?
signature.asc
Description: Digital signature