or deleted we want to preserve or delete all of them.
to variables from the invoking process permitted by the _\be_\bn_\bv_\b__\bc_\bh_\be_\bc_\bk and
_\be_\bn_\bv_\b__\bk_\be_\be_\bp options. This is effectively a whitelist for environment
variables. The environment variables LOGNAME and USER are treated
- specially. If only one of them is preserved from user's environment, the
+ specially. If one of them is preserved (or removed) from user's
+ environment, the other will be as well. If LOGNAME and USER are to be
+ preserved but only one of them is present in the user's environment, the
other will be set to the same value. This avoids an inconsistent
environment where one of the variables describing the user name is set to
the invoking user and one is set to the target user. () are removed
file distributed with s\bsu\bud\bdo\bo or https://www.sudo.ws/license.html for
complete details.
-Sudo 1.8.26 August 7, 2018 Sudo 1.8.26
+Sudo 1.8.26 September 24, 2018 Sudo 1.8.26
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
-.TH "SUDOERS" "5" "August 7, 2018" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
+.TH "SUDOERS" "5" "September 24, 2018" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.nh
.if n .ad l
.SH "NAME"
and
\fRUSER\fR
are treated specially.
-If only one of them is preserved from user's environment, the other
-will be set to the same value.
+If one of them is preserved (or removed) from user's environment, the other
+will be as well.
+If
+\fRLOGNAME\fR
+and
+\fRUSER\fR
+are to be preserved but only one of them is present in the user's environment,
+the other will be set to the same value.
This avoids an inconsistent environment where one of the variables
describing the user name is set to the invoking user and one is
set to the target user.
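Review bot: The first added sentence says "from user's environment" without the article, while the next added sentence has "in the user's environment"; use "from the user's environment" here and in the other two copies of this paragraph. "the other will be as well" would also read more clearly as "the other will be preserved (or removed) as well".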
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
-.Dd August 7, 2018
+.Dd September 24, 2018
.Dt SUDOERS @mansectform@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
and
.Ev USER
are treated specially.
-If only one of them is preserved from user's environment, the other
-will be set to the same value.
+If one of them is preserved (or removed) from user's environment, the other
+will be as well.
+If
+.Ev LOGNAME
+and
+.Ev USER
+are to be preserved but only one of them is present in the user's environment,
+the other will be set to the same value.
This avoids an inconsistent environment where one of the variables
describing the user name is set to the invoking user and one is
set to the target user.
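Review bot: The added text names only LOGNAME and USER, but the env.c change in this patch also puts LOGIN in the same group under #ifdef _AIX (its comment reads "We treat LOGIN, LOGNAME and USER specially"). The manual should say that LOGIN is handled the same way on AIX, here and in the other copies of this paragraph, so that an administrator who keeps or deletes one of the three knows the others follow.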
matches_env_list(const char *var, struct list_members *list, bool *full_match)
{
struct list_member *cur;
+ bool is_logname = false;
debug_decl(matches_env_list, SUDOERS_DEBUG_ENV)
- SLIST_FOREACH(cur, list, entries) {
- if (matches_env_pattern(cur->value, var, full_match))
- debug_return_bool(true);
+ switch (*var) {
+ case 'L':
+ if (strncmp(var, "LOGNAME=", 8) == 0)
+ is_logname = true;
+#ifdef _AIX
+ else if (strncmp(var, "LOGIN=", 6) == 0)
+ is_logname = true;
+#endif
+ break;
+ case 'U':
+ if (strncmp(var, "USER=", 5) == 0)
+ is_logname = true;
+ break;
+ }
+
+ if (is_logname) {
+ /*
+ * We treat LOGIN, LOGNAME and USER specially.
+ * If one is preserved/deleted we want to preserve/delete them all.
+ */
+ SLIST_FOREACH(cur, list, entries) {
+ if (matches_env_pattern(cur->value, "LOGNAME", full_match) ||
+#ifdef _AIX
+ matches_env_pattern(cur->value, "LOGIN", full_match) ||
+#endif
+ matches_env_pattern(cur->value, "USER", full_match))
+ debug_return_bool(true);
+ }
+ } else {
+ SLIST_FOREACH(cur, list, entries) {
+ if (matches_env_pattern(cur->value, var, full_match))
+ debug_return_bool(true);
+ }
}
debug_return_bool(false);
}
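Review bot: In the is_logname branch the loop passes the literal names "LOGNAME", "LOGIN" and "USER" to matches_env_pattern() instead of var, so whatever follows the "=" in the incoming variable is never seen by the matcher and full_match is set from a comparison against the bare name. If list entries can include a value part, please confirm that this is the intended result and state it in the block comment. The set of names is also written out twice, once in the switch and once in the loop, each with its own #ifdef _AIX; a small helper or static table used by both would keep the two from drifting apart. Since the flag now covers USER and LOGIN as well, a name other than is_logname would be clearer.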