From: Todd C. Miller <Todd.Miller@courtesan.com>
Date: Mon, 9 Jul 2007 17:25:45 +0000 (+0000)
Subject: honor def_default_path for PATH set on the command line
X-Git-Tag: SUDO_1_7_0~494
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=25b624ce5ec0d8d70507266e6d5fd1d9e69ad5ae;p=sudo

honor def_default_path for PATH set on the command line
---

diff --git a/env.c b/env.c
index f831ea298..938b1ab3a 100644
--- a/env.c
+++ b/env.c
@@ -592,7 +592,6 @@ rebuild_env(envp, sudo_mode, noexec)
 
     /* Add user-specified environment variables. */
     /* XXX - this is not safe, should be done after authentication. */
-    /* XXX - also honor secure_path */
     for (cur = sudo_user.env_vars; cur != NULL; cur = cur->next)
 	insert_env(cur->value, &env, 1);
 
@@ -614,7 +613,10 @@ validate_env_vars(env_vars)
     int okvar;
 
     for (var = env_vars; var != NULL; var = var->next) {
-	if (def_env_reset) {
+	if (def_secure_path && !user_is_exempt() &&
+	    strncmp(var->value, "PATH=", 5) == 0) {
+	    okvar = FALSE;
+	} else if (def_env_reset) {
 	    okvar = matches_env_check(var->value);
 	    if (okvar == -1)
 		okvar = matches_env_keep(var->value);