honor def_default_path for PATH set on the command line

author Todd C. Miller <Todd.Miller@courtesan.com>

Mon, 9 Jul 2007 17:25:45 +0000 (17:25 +0000)

committer Todd C. Miller <Todd.Miller@courtesan.com>

Mon, 9 Jul 2007 17:25:45 +0000 (17:25 +0000)
author Todd C. Miller <Todd.Miller@courtesan.com>
Mon, 9 Jul 2007 17:25:45 +0000 (17:25 +0000)
committer Todd C. Miller <Todd.Miller@courtesan.com>
Mon, 9 Jul 2007 17:25:45 +0000 (17:25 +0000)
diff --git a/env.c b/env.c

index f831ea298f3f3fa8996e677e879ca501890a3362..938b1ab3a9a2024d1ae35580654798cf337c8a31 100644 (file)
--- a/env.c
+++ b/env.c
@@ -592,7 +592,6 @@ rebuild_env(envp, sudo_mode, noexec)
  
      /* Add user-specified environment variables. */
      /* XXX - this is not safe, should be done after authentication. */
-    /* XXX - also honor secure_path */
      for (cur = sudo_user.env_vars; cur != NULL; cur = cur->next)
         insert_env(cur->value, &env, 1);
  
@@ -614,7 +613,10 @@ validate_env_vars(env_vars)
      int okvar;
  
      for (var = env_vars; var != NULL; var = var->next) {
-       if (def_env_reset) {
+       if (def_secure_path && !user_is_exempt() &&
+           strncmp(var->value, "PATH=", 5) == 0) {
+           okvar = FALSE;
+       } else if (def_env_reset) {
             okvar = matches_env_check(var->value);
             if (okvar == -1)
                 okvar = matches_env_keep(var->value);
author	Todd C. Miller <Todd.Miller@courtesan.com>
	Mon, 9 Jul 2007 17:25:45 +0000 (17:25 +0000)
committer	Todd C. Miller <Todd.Miller@courtesan.com>
	Mon, 9 Jul 2007 17:25:45 +0000 (17:25 +0000)