Package: sudo
Version: 1.6.8p7-1.3
Severity: important

Part of the fallout of the recent environment cleanup patch was that for pretty much any meaningful work it is now required to use env_reset so that subsequent env_keep or env_check additions take effect (see 349729, 349196 and 349129). This issue is related.

Unfortunately env_reset destroys the PATH, regardless of any env_keep that might include PATH. env_keep does NOT keep the path but rather fucks it up totally. You get a process that has two PATH variables in its env, the latter one including only /usr/bin:/bin. At least bash uses this last duplicate entry.

So you're in a nice pickle: no env_reset/env_keep and you lose all other useful vars and get the Debian default path (!= yours), or you do use env_reset/env_keep to make other vars survive but now path is a worthless /usr/bin:/bin.

As this affects the more important usage pattern of sudo badly (sudo someprogram vs. sudo someshell and then interactive control), I think this is an important problem.

How to reproduce: run "sudo env", with this in the sudoers file to make other stuff work:

"Defaults env_reset, env_keep=*, always_set_home"

$ sudo env
XAUTHORITY=/home/az/.Xauthority
...snipped lots of vars that came through clean...
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin
PWD=/home/az
COLORTERM=rxvt-xpm
_=/usr/bin/sudo
PATH=/usr/bin:/bin
SUDO_COMMAND=/usr/bin/env
SUDO_USER=az
SUDO_UID=1000
SUDO_GID=1000

Note the broken duplicate PATH, the first of which is SECURE_PATH. My path is quite definitely more extensive than /usr/bin:/bin and I don't know which part of sudo messed this up so badly.

With a sudoers without the above defaults line:

$ sudo env
TERM=rxvt
LC_CTYPE=de_AT
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin
LOGNAME=root
USER=root
HOME=/root
SUDO_COMMAND=/usr/bin/env
SUDO_USER=az
SUDO_UID=1000
SUDO_GID=1000

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (980, 'testing'), (970, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.14
Locale: LANG=C, LC_CTYPE=de_AT (charmap=ISO-8859-1)

Versions of packages sudo depends on:
ii  libc6           2.3.2.ds1-22  GNU C Library: Shared libraries an
ii  libpam-modules  0.76-22       Pluggable Authentication Modules f
ii  libpam0g        0.76-22       Pluggable Authentication Modules l

-- no debconf information
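
Added example, not part of the original report and not sudo's own code: a small checker that reads a raw NUL-separated environment block (the layout of /proc/<pid>/environ on Linux) and lists every variable name that occurs more than once, with its first and last value, which is the condition the duplicate PATH above shows. The function names and the sample block are assumptions constructed for illustration.

```python
"""Flag variable names that occur more than once in a raw environment block."""
import sys

# Constructed sample modelled on the "sudo env" output in the report above,
# stored NUL-separated like /proc/<pid>/environ.
SAMPLE_BLOCK = b"\0".join([
    b"XAUTHORITY=/home/az/.Xauthority",
    b"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin",
    b"PWD=/home/az",
    b"PATH=/usr/bin:/bin",
    b"SUDO_USER=az",
]) + b"\0"


def parse_block(block):
    """Split a block into (name, value) pairs, keeping order and duplicates."""
    pairs = []
    for entry in block.split(b"\0"):
        name, sep, value = entry.partition(b"=")
        if not sep or not name:
            continue  # empty slot, or an entry that is not NAME=value
        pairs.append((name.decode("utf-8", "replace"),
                      value.decode("utf-8", "replace")))
    return pairs


def find_duplicates(block):
    """Return {name: [values in block order]} for names seen more than once."""
    seen = {}
    for name, value in parse_block(block):
        seen.setdefault(name, []).append(value)
    return {name: values for name, values in seen.items() if len(values) > 1}


def report(block):
    """One summary line per duplicated name, then its first and last value."""
    lines = []
    for name, values in sorted(find_duplicates(block).items()):
        lines.append(f"{name}: {len(values)} entries")
        lines.append(f"  first: {values[0]}")
        lines.append(f"  last:  {values[-1]}")
    return lines


if __name__ == "__main__":
    # With a file argument (for example /proc/self/environ) check that block,
    # otherwise check the constructed sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_BLOCK
    print("\n".join(report(data)) or "no duplicate names")
```

Reading the raw block matters here because a dictionary-style view of the environment keeps only one value per name and hides the duplicate.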