From: Todd C. Miller <Todd.Miller@sudo.ws>
Date: Wed, 19 Jun 2019 20:29:25 +0000 (-0600)
Subject: Better description of secure_path.
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=05f9643b89bae83757f3755cc0d5c52b38853114;p=sudo

Better description of secure_path.
The secure_path option affects the resolution of unqualified commands
as well as the environment that commands run with.
---

diff --git a/doc/sudoers.cat b/doc/sudoers.cat
index 88b5dbf90..63aa104e0 100644
--- a/doc/sudoers.cat
+++ b/doc/sudoers.cat
@@ -2080,13 +2080,15 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS
                    either case, the contents of _r_e_s_t_r_i_c_t_e_d___e_n_v___f_i_l_e are
                    processed before the contents of _e_n_v___f_i_l_e.
 
-     secure_path   Path used for every command run from ssuuddoo.  If you don't
-                   trust the people running ssuuddoo to have a sane PATH
-                   environment variable you may want to use this.  Another use
-                   is if you want to have the "root path" be separate from the
-                   "user path".  Users in the group specified by the
-                   _e_x_e_m_p_t___g_r_o_u_p option are not affected by _s_e_c_u_r_e___p_a_t_h.  This
-                   option is not set by default.
+     secure_path   If set, ssuuddoo will use this value in place of the user's
+                   PATH environment variable.  This option can be used to
+                   reset the PATH to a known good value that contains
+                   directories for system administrator commands such as
+                   _/_u_s_r_/_s_b_i_n.
+
+                   Users in the group specified by the _e_x_e_m_p_t___g_r_o_u_p option are
+                   not affected by _s_e_c_u_r_e___p_a_t_h.  This option is not set by
+                   default.
 
      syslog        Syslog facility if syslog is being used for logging (negate
                    to disable syslog logging).  Defaults to auth.
diff --git a/doc/sudoers.man.in b/doc/sudoers.man.in
index 8c5dd5f15..dd677daa2 100644
--- a/doc/sudoers.man.in
+++ b/doc/sudoers.man.in
@@ -4159,18 +4159,17 @@ are processed before the contents of
 \fIenv_file\fR.
 .TP 14n
 secure_path
-Path used for every command run from
-\fBsudo\fR.
-If you don't trust the
-people running
+If set,
 \fBsudo\fR
-to have a sane
+will use this value in place of the user's
 \fRPATH\fR
-environment variable you may want to use this.
-Another use is if you want to have the
-\(lqroot path\(rq
-be separate from the
-\(lquser path\(rq.
+environment variable.
+This option can be used to reset the
+\fRPATH\fR
+to a known good value that contains directories for system administrator
+commands such as
+\fI/usr/sbin\fR.
+.sp
 Users in the group specified by the
 \fIexempt_group\fR
 option are not affected by
diff --git a/doc/sudoers.mdoc.in b/doc/sudoers.mdoc.in
index 5819c5e17..60616f29b 100644
--- a/doc/sudoers.mdoc.in
+++ b/doc/sudoers.mdoc.in
@@ -3885,18 +3885,17 @@ In either case, the contents of
 are processed before the contents of
 .Em env_file .
 .It secure_path
-Path used for every command run from
-.Nm sudo .
-If you don't trust the
-people running
+If set,
 .Nm sudo
-to have a sane
+will use this value in place of the user's
 .Ev PATH
-environment variable you may want to use this.
-Another use is if you want to have the
-.Dq root path
-be separate from the
-.Dq user path .
+environment variable.
+This option can be used to reset the
+.Ev PATH
+to a known good value that contains directories for system administrator
+commands such as
+.Pa /usr/sbin .
+.Pp
 Users in the group specified by the
 .Em exempt_group
 option are not affected by