Yep, here is the beginning of my /etc/sudoers:

# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the sudoers man page for the details on how to write a sudoers file.
#

# Host alias specification

# User alias specification

# Cmnd alias specification

# Defaults specification
Defaults        env_reset
Defaults        env_keep += "BLOCKSIZE"
Defaults        env_keep += "COLORFGBG COLORTERM"
Defaults        env_keep += "__CF_USER_TEXT_ENCODING"
Defaults        env_keep += "CHARSET LANG LANGUAGE LC_ALL LC_COLLATE LC_CTYPE"
Defaults        env_keep += "LC_MESSAGES LC_MONETARY LC_NUMERIC LC_TIME"
Defaults        env_keep += "LINES COLUMNS"
Defaults        env_keep += "LSCOLORS"
Defaults        env_keep += "SSH_AUTH_SOCK"
Defaults        env_keep += "TZ"
Defaults        env_keep += "DISPLAY XAUTHORIZATION XAUTHORITY"
Defaults        env_keep += "EDITOR VISUAL"


OK, this looks like a true security feature then.  Back to playing with
.pth files then.

On 11/2/07, Boyd Waters <[EMAIL PROTECTED]> wrote:
> FYI:
>
> On Leopard, "sudo" filters environment variables, including PYTHONPATH.
>
>
> I have not tested this with MacPorts yet; I've been running MacPorts
> as a "normal" user without sudo. Will this matter for MacPorts?
>
>
> > Running "sudo -V" as root shows sudo's settings; part of that is
> > environment variables that it will not pass on or that it will
> > check for dangerous content.
>
>
> On Nov 2, 2007, at 2:59 PM, Boyd Waters wrote:
>
> > One work-around is to add this line to /etc/sudoers:
> >
> > Defaults        env_keep += "PYTHONPATH"
> >
> >
> >
> > But that would involve editing a file in /etc as root.
> > Straightforward enough, but likely to get overwritten and what if
> > the user screws this up?
> >
> >
> > So Plan B -
> >
> > what if you added something in a .pth file in /Library/Python/2.5/
> > site-packages that re-orders the sys.path?
> >
> > Wouldn't that always work?
> >
> >
> >
> >
> > On Nov 2, 2007, at 2:49 PM, Boyd Waters wrote:
> >
> >>
> >> On Nov 2, 2007, at 10:16 AM, Brian Granger wrote:
> >>
> >>>  First, if you have set PYTHONPATH to point
> >>> sys.path at the site-packages in /Library, this setting will be lost
> >>> when you do:
> >>>
> >>> sudo python setup.py install
> >>
> >>
> >> Ouch, another good one...
> >>
> >> This is almost certainly not a bug, but rather a security feature.
> >>
> >>> The administrator can add a line to the sudoers file:
> >>>
> >>> Defaults  env_reset
> >>>
> >>> that will reset the environment to only contain the variables
> >>> HOME, LOGNAME,
> >>> PATH, SHELL, TERM, and USER, preventing this attack.
> >>
> >>
> >>
> >
>
>
_______________________________________________
Pythonmac-SIG maillist  -  Pythonmac-SIG@python.org
http://mail.python.org/mailman/listinfo/pythonmac-sig
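
Added example (not part of the thread and not sudo's own code): a small Python check that reads the global Defaults lines of a sudoers file and reports whether a variable such as PYTHONPATH is kept once env_reset is on. The sample text is constructed from the lines posted above, the base set is the one named in the quoted sudoers excerpt, names are matched literally, and the function names are hypothetical.

```python
import re

# Variables left after env_reset, per the sudoers excerpt quoted in the thread.
BASE_ENV = {"HOME", "LOGNAME", "PATH", "SHELL", "TERM", "USER"}

# Constructed sample, modelled on the Defaults lines posted in the thread.
SAMPLE_SUDOERS = '''\
# Defaults specification
Defaults        env_reset
Defaults        env_keep += "BLOCKSIZE"
Defaults        env_keep += "CHARSET LANG LANGUAGE LC_ALL LC_COLLATE \\
                             LC_CTYPE"
Defaults        env_keep += "SSH_AUTH_SOCK"
Defaults        env_keep += "EDITOR VISUAL"
'''

_KEEP = re.compile(r'^Defaults\s+env_keep\s*(\+=|-=|=)\s*"?([^"]*)"?\s*$')
_RESET = re.compile(r'^Defaults\s+(!?)env_reset\s*$')

def logical_lines(text):
    """Join backslash-continued lines; skip comments and blank lines."""
    for line in re.sub(r'\\\n', ' ', text).splitlines():
        line = line.strip()
        if line and not line.startswith('#'):
            yield line

def parse_env_policy(text):
    """Return (env_reset enabled?, set of env_keep names) for global Defaults."""
    env_reset, keep = False, set()
    for line in logical_lines(text):
        m = _RESET.match(line)
        if m:
            env_reset = m.group(1) != '!'
            continue
        m = _KEEP.match(line)
        if m:
            op, names = m.group(1), set(m.group(2).split())
            if op == '+=':
                keep |= names
            elif op == '-=':
                keep -= names
            else:               # plain '=' replaces the list
                keep = names
    return env_reset, keep

def kept_after_env_reset(var, text):
    """True if `var` is in the base set or in the file's env_keep list."""
    _, keep = parse_env_policy(text)
    return var in BASE_ENV or var in keep

if __name__ == "__main__":
    for name in ("PYTHONPATH", "LC_CTYPE", "SSH_AUTH_SOCK"):
        print(name, kept_after_env_reset(name, SAMPLE_SUDOERS))
```

Only the file's own Defaults lines are modelled here; the lists compiled into sudo, which "sudo -V" prints, are not.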
