use a "*=()* " pattern in initial_badenv_table[] to match them instead.
This allows the user to remove the check via env_delete.
_\be_\bn_\bv_\b__\bc_\bh_\be_\bc_\bk and _\be_\bn_\bv_\b__\bk_\be_\be_\bp options. This is effectively a whitelist for
environment variables. Environment variables with a value beginning with
() are removed unless both the name and value parts are matched by
- _\be_\bn_\bv_\b__\bk_\be_\be_\bp or _\be_\bn_\bv_\b__\bc_\bh_\be_\bc_\bk, as they will be interpreted as functions by older
- versions of the b\bba\bas\bsh\bh shell. Prior to version 1.8.11, such variables were
- always removed.
+ _\be_\bn_\bv_\b__\bk_\be_\be_\bp or _\be_\bn_\bv_\b__\bc_\bh_\be_\bc_\bk, as they may be interpreted as functions by the
+ b\bba\bas\bsh\bh shell. Prior to version 1.8.11, such variables were always removed.
If, however, the _\be_\bn_\bv_\b__\br_\be_\bs_\be_\bt option is disabled, any variables not
explicitly denied by the _\be_\bn_\bv_\b__\bc_\bh_\be_\bc_\bk and _\be_\bn_\bv_\b__\bd_\be_\bl_\be_\bt_\be options are inherited
from the invoking process. In this case, _\be_\bn_\bv_\b__\bc_\bh_\be_\bc_\bk and _\be_\bn_\bv_\b__\bd_\be_\bl_\be_\bt_\be behave
- like a blacklist. Environment variables with a value beginning with ()
- are always removed, even if they do not match one of the blacklists.
- Since it is not possible to blacklist all potentially dangerous
+ like a blacklist. Prior to version 1.8.21, environment variables with a
+ value beginning with () were always removed. Beginning with version
+ 1.8.21, a pattern in _\be_\bn_\bv_\b__\bd_\be_\bl_\be_\bt_\be is used to match b\bba\bas\bsh\bh shell functions
+ instead. Since it is not possible to blacklist all potentially dangerous
environment variables, use of the default _\be_\bn_\bv_\b__\br_\be_\bs_\be_\bt behavior is
encouraged.
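Review bot: the new blacklist wording ("a pattern in env_delete is used to match bash shell functions instead") never says which pattern, so an administrator who edits env_delete (the commit message notes the check can now be removed that way) cannot tell from this page what protection is lost. Suggest naming the default entry that the env.c hunk adds, e.g. "Beginning with version 1.8.21, the pattern "*=()*" in the default env_delete list is used to match bash shell functions instead; removing it from env_delete disables that check."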
By default, environment variables are matched by name. However, if the
pattern includes an equal sign (`='), both the variables name and value
- must match. For example, an old-style (pre-shellshock) b\bba\bas\bsh\bh shell
- function could be matched as follows:
+ must match. For example, a b\bba\bas\bsh\bh shell function could be matched as
+ follows:
- env_keep += "my_func=()*"
+ env_keep += "BASH_FUNC_my_func%%=()*"
- Without the "=()*" suffix, this would not match, as old-style b\bba\bas\bsh\bh shell
- functions are not preserved by default.
+ Without the "=()*" suffix, this would not match, as b\bba\bas\bsh\bh shell functions
+ are not preserved by default.
The complete list of environment variables that s\bsu\bud\bdo\bo allows or denies is
contained in the output of "sudo -V" when run as root. Please note that
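Review bot: the new example `env_keep += "BASH_FUNC_my_func%%=()*"` covers only the `BASH_FUNC_name%%` export form, but the env.c hunk in this same change also drops a second table entry, `__BASH_FUNC<*` (the Apple naming), so a reader applying this example on such a system would get no match. Suggest either a second example line for that form or a sentence after the example noting that the exported variable name depends on the bash build in use.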
file distributed with s\bsu\bud\bdo\bo or https://www.sudo.ws/license.html for
complete details.
-Sudo 1.8.21 June 2, 2017 Sudo 1.8.21
+Sudo 1.8.21 June 3, 2017 Sudo 1.8.21
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
-.TH "SUDOERS" "5" "June 2, 2017" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
+.TH "SUDOERS" "5" "June 3, 2017" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.nh
.if n .ad l
.SH "NAME"
\fIenv_keep\fR
or
\fIenv_check\fR,
-as they will be interpreted as functions by older versions of the
+as they may be interpreted as functions by the
\fBbash\fR
shell.
Prior to version 1.8.11, such variables were always removed.
and
\fIenv_delete\fR
behave like a blacklist.
-Environment variables with a value beginning with
+Prior to version 1.8.21, environment variables with a value beginning with
\fR()\fR
-are always removed, even if they do not match one of the blacklists.
+were always removed.
+Beginning with version 1.8.21, a pattern in
+\fIenv_delete\fR
+is used to match
+\fBbash\fR
+shell functions instead.
Since it is not possible
to blacklist all potentially dangerous environment variables, use
of the default
However, if the pattern includes an equal sign
(\(oq=\&\(cq),
both the variables name and value must match.
-For example, an old-style (pre-shellshock)
+For example, a
\fBbash\fR
shell function could be matched as follows:
.nf
.sp
.RS 4n
-env_keep += "my_func=()*"
+env_keep += "BASH_FUNC_my_func%%=()*"
.RE
.fi
.PP
Without the
\(Lq\fR=()*\fR\(Rq
-suffix, this would not match, as old-style
+suffix, this would not match, as
\fBbash\fR
shell functions are not preserved by default.
.PP
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
-.Dd June 2, 2017
+.Dd June 3, 2017
.Dt SUDOERS @mansectform@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
.Em env_keep
or
.Em env_check ,
-as they will be interpreted as functions by older versions of the
+as they may be interpreted as functions by the
.Sy bash
shell.
Prior to version 1.8.11, such variables were always removed.
and
.Em env_delete
behave like a blacklist.
-Environment variables with a value beginning with
+Prior to version 1.8.21, environment variables with a value beginning with
.Li ()
-are always removed, even if they do not match one of the blacklists.
+were always removed.
+Beginning with version 1.8.21, a pattern in
+.Em env_delete
+is used to match
+.Sy bash
+shell functions instead.
Since it is not possible
to blacklist all potentially dangerous environment variables, use
of the default
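Review bot: after this hunk the page carries two nearly identical sentences: the unchanged context "Prior to version 1.8.11, such variables were always removed." (about the env_reset whitelist case) and the new "Prior to version 1.8.21, environment variables with a value beginning with () were always removed." (the blacklist case), and the reader is left to work out that they describe different modes. Suggest qualifying the new sentence, e.g. "Prior to version 1.8.21, when env_reset was disabled, environment variables with a value beginning with () were always removed.", with the same wording carried into sudoers.man.in and sudoers.cat.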
However, if the pattern includes an equal sign
.Pq Ql =\& ,
both the variables name and value must match.
-For example, an old-style (pre-shellshock)
+For example, a
.Sy bash
shell function could be matched as follows:
.Bd -literal -offset 4n
-env_keep += "my_func=()*"
+env_keep += "BASH_FUNC_my_func%%=()*"
.Ed
.Pp
Without the
.Dq Li =()*
-suffix, this would not match, as old-style
+suffix, this would not match, as
.Sy bash
shell functions are not preserved by default.
.Pp
"PYTHONUSERBASE", /* python, per user site-packages directory */
"RUBYLIB", /* ruby, library load path */
"RUBYOPT", /* ruby, extra command line options */
- "BASH_FUNC_*", /* new-style bash functions */
- "__BASH_FUNC<*", /* new-style bash functions (Apple) */
+ "*=()*", /* bash functions */
NULL
};
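Review bot: the replacement entry `"*=()*"` is broader than the hard-coded test it replaces (`strncmp(cp, "=() ", 4)` in the env_should_delete hunk below): it no longer requires the trailing space, and unless matching stops `*` at `=`, the leading `*` will also consume `=` characters so the entry matches `=()` anywhere in the value, not only at its start. That is probably intended, but the commit message spells the pattern `"*=()* "` with a trailing space while the code has none; make the message agree with the code and expand the comment `/* bash functions */` to say the pattern matches `=()` at any position in the variable.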
static bool
env_should_delete(const char *var)
{
- const char *cp;
int delete_it;
bool full_match = false;
debug_decl(env_should_delete, SUDOERS_DEBUG_ENV);
- /* Skip variables with values beginning with () (bash functions) */
- if ((cp = strchr(var, '=')) != NULL) {
- if (strncmp(cp, "=() ", 4) == 0) {
- delete_it = true;
- goto done;
- }
- }
-
delete_it = matches_env_delete(var);
if (!delete_it)
delete_it = matches_env_check(var, &full_match) == false;
-done:
sudo_debug_printf(SUDO_DEBUG_INFO, "delete %s: %s",
var, delete_it ? "YES" : "NO");
debug_return_bool(delete_it);
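Review bot: with the early `=() ` test and its `done:` label removed, deletion of function exports now depends entirely on matches_env_delete() seeing the `"*=()*"` entry in initial_badenv_table[], so a sudoers file that redefines env_delete silently loses it; a one-line comment at `delete_it = matches_env_delete(var);` pointing at that table entry would spare the next reader a search. Minor style point: `delete_it` is now assigned on the first statement after the declarations and only ever holds a bool (the `== false` comparison and debug_return_bool both treat it as one), so the `int delete_it;` line can become `bool delete_it = matches_env_delete(var);` and the separate assignment dropped.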