mention why DONT_LEAK_PATH_INFO is not the default

author Todd C. Miller <Todd.Miller@courtesan.com>

Mon, 14 Jun 1999 23:47:56 +0000 (23:47 +0000)

committer Todd C. Miller <Todd.Miller@courtesan.com>

Mon, 14 Jun 1999 23:47:56 +0000 (23:47 +0000)
author Todd C. Miller <Todd.Miller@courtesan.com>
Mon, 14 Jun 1999 23:47:56 +0000 (23:47 +0000)
committer Todd C. Miller <Todd.Miller@courtesan.com>
Mon, 14 Jun 1999 23:47:56 +0000 (23:47 +0000)
diff --git a/sudo.c b/sudo.c

index 3a2c9cc52eb7fac92d227736c91f8337a672c044..72b6e164e62702eb3533e533b951740acc4eaa1a 100644 (file)
--- a/sudo.c
+++ b/sudo.c
@@ -360,6 +360,13 @@ main(argc, argv)
             check_user();
  
         case VALIDATE_NOT_OK_NOPASS:
+           /*
+            * We'd like to not leak path info at all here, but that can
+            * *really* confuse the users.  To really close the leak we'd
+            * have to say "not allowed to run foo" even when the problem
+            * is just "no foo in path" since the user can trivially set
+            * their path to just contain a single dir.
+            */
  #ifndef DONT_LEAK_PATH_INFO
             log_error(rtn);
             if (cmnd_status == NOT_FOUND_DOT)
author	Todd C. Miller <Todd.Miller@courtesan.com>
	Mon, 14 Jun 1999 23:47:56 +0000 (23:47 +0000)
committer	Todd C. Miller <Todd.Miller@courtesan.com>
	Mon, 14 Jun 1999 23:47:56 +0000 (23:47 +0000)