to the note about the HOME change in UPGRADE.
--HG--
branch : 1.7
Defaults env_keep += MAIL
to preserve the old value of MAIL.
+ NOTE: preserving HOME has security implications since many programs
+ use when searching for configuration files. Adding HOME to env_keep
+ may enable a user to run unrestricted commands via sudo.
+
o Upgrading from a version prior to 1.7.0:
Starting with sudo 1.7.0, comments in the sudoers file must not
## Locale settings
# Defaults env_keep += "LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET"
##
+## Run X applications through sudo; HOME is used to find the
+## .Xauthority file. Note that other programs use HOME to find
+## configuration files and this may lead to privilege escalation!
+# Defaults env_keep += "HOME"
+##
## X11 resource path settings
# Defaults env_keep += "XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH"
##
these are a bit contrived. First, we allow a few environment
variables to pass and then define our I<aliases>:
- # Run X applications through sudo; HOME is used to find .Xauthority file
- # Note that some programs may use HOME for other purposes too and
- # this may lead to privilege escalation!
- Defaults env_keep = "DISPLAY HOME"
+ # Run X applications through sudo; HOME is used to find the
+ # .Xauthority file. Note that other programs use HOME to find
+ # configuration files and this may lead to privilege escalation!
+ Defaults env_keep += "DISPLAY HOME"
# User alias specification
User_Alias FULLTIMERS = millert, mikef, dowdy
projects / sudo / commitdiff