Further, this behavior causes root-owned files and directories in a user's home directory, e.g.:
ubuntu@lp1556302:~$ ls -l /home/ubuntu/.vim* ls: cannot access '/home/ubuntu/.vim*': No such file or directory ubuntu@lp1556302:~$ sudo vim /tmp/test ubuntu@lp1556302:~$ ls -l /home/ubuntu/.vim* -rw------- 1 root root 700 May 14 16:31 /home/ubuntu/.viminfo ubuntu@lp1556302:~$ ls -ld /home/ubuntu/.emacs* ls: cannot access '/home/ubuntu/.emacs*': No such file or directory ubuntu@lp1556302:~$ sudo emacs /tmp/test ubuntu@lp1556302:~$ ls -ld /home/ubuntu/.emacs* drwx------ 2 root root 4096 May 14 16:32 /home/ubuntu/.emacs.d bug 1828208 and so on. This problem is true for *any* program/application that creates any files in $HOME, and might be run under sudo. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1556302 Title: Ubuntu patch to add HOME to env_keep makes custom commands vulnerable by default To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1556302/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
