The *downside* of reverting our custom patch is that end-users are used to all their personal customization of applications from $HOME working; i.e. currently, when anyone runs vim, emacs, bash, etc. under sudo, any ~/.WHATEVER customization they have will be retained. This is different than, essentially, all other UNIXes, and the fix for this bug would undo that, to put us back in line with all other UNIXes - but would result in behavior change for users, where e.g. 'sudo vim' would not pick up any of their ~/.vimrc configuration (or ~/.emacs.d for emacs, etc...)
Thus, this change, if we do make it, probably should only be done to Eoan and not SRUed. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1556302 Title: Ubuntu patch to add HOME to env_keep makes custom commands vulnerable by default To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1556302/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
