From: Todd C. Miller
Date: Fri, 14 Dec 2001 06:40:03 +0000 (+0000)
Subject: Remove "secure_path" Defaults option since it cannot work with the
X-Git-Tag: SUDO_1_6_4~111
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=2e677e10233020ded2e5b181cdb1c80ae6c64931;p=sudo
Remove "secure_path" Defaults option since it cannot work with the existing parser.
---
diff --git a/def_data.c b/def_data.c
index 0e6383a67..6c1a4a43f 100644
--- a/def_data.c
+++ b/def_data.c
@@ -146,9 +146,6 @@ struct sudo_defs_types sudo_defs_table[] = {
 }, {
 "runas_default", T_STR,
 "Default user to run commands as: %s"
- }, {
- "secure_path", T_STR|T_BOOL,
- "Value to override user's $PATH with: %s"
 }, {
 "editor", T_STR|T_PATH,
 "Path to the editor for use by visudo: %s"
diff --git a/def_data.h b/def_data.h
index 652989456..89c1a30e2 100644
--- a/def_data.h
+++ b/def_data.h
@@ -47,12 +47,11 @@
 #define I_EXEMPT_GROUP 46
 #define I_PASSPROMPT 47
 #define I_RUNAS_DEFAULT 48
-#define I_SECURE_PATH 49
-#define I_EDITOR 50
-#define I_ENV_CHECK 51
-#define I_ENV_DELETE 52
-#define I_ENV_KEEP 53
-#define I_LISTPW_I 54
-#define I_VERIFYPW_I 55
-#define I_LISTPW 56
-#define I_VERIFYPW 57
+#define I_EDITOR 49
+#define I_ENV_CHECK 50
+#define I_ENV_DELETE 51
+#define I_ENV_KEEP 52
+#define I_LISTPW_I 53
+#define I_VERIFYPW_I 54
+#define I_LISTPW 55
+#define I_VERIFYPW 56
diff --git a/def_data.in b/def_data.in
index 262720039..d1f3313a8 100644
--- a/def_data.in
+++ b/def_data.in
@@ -153,9 +153,6 @@ passprompt
 runas_default
 T_STR
 "Default user to run commands as: %s"
-secure_path
- T_STR|T_BOOL
- "Value to override user's $PATH with: %s"
 editor
 T_STR|T_PATH
 "Path to the editor for use by visudo: %s"
diff --git a/defaults.c b/defaults.c
index 95fabd992..fdbc9d394 100644
--- a/defaults.c
+++ b/defaults.c
@@ -490,9 +490,6 @@ init_defaults()
 #endif
 #ifdef EXEMPTGROUP
 def_str(I_EXEMPT_GROUP) = estrdup(EXEMPTGROUP);
-#endif
-#ifdef SECURE_PATH
- def_str(I_SECURE_PATH) = estrdup(SECURE_PATH);
 #endif
 def_str(I_EDITOR) = estrdup(EDITOR);
diff --git a/env.c b/env.c
index 865f5985b..d04e01741 100644
--- a/env.c
+++ b/env.c
@@ -366,9 +366,10 @@ rebuild_env(sudo_mode, envp)
 * Access via 'nep' is not allowed (since we must check for dupes). */
+#ifdef SECURE_PATH
 /* Replace the PATH envariable with a secure one. */
- if (def_str(I_SECURE_PATH))
- insert_env(newenvp, format_env("PATH", def_str(I_SECURE_PATH)));
+ insert_env(newenvp, format_env("PATH", SECURE_PATH));
+#endif
 /* Set $HOME for `sudo -H'. Only valid at PERM_RUNAS. */
 if ((sudo_mode & MODE_RESET_HOME) && runas_pw->pw_dir)
diff --git a/find_path.c b/find_path.c
index 7f89a4fa7..9a1a6e9a6 100644
--- a/find_path.c
+++ b/find_path.c
@@ -104,9 +104,11 @@ find_path(infile, outfile, path)
 }
 /* Use PATH passed in unless SECURE_PATH is in effect. */
- if (def_str(I_SECURE_PATH))
- path = def_str(I_SECURE_PATH);
- else if (path == NULL)
+#ifdef SECURE_PATH
+ if (!user_is_exempt())
+ path = SECURE_PATH;
+#endif /* SECURE_PATH */
+ if (path == NULL)
 return(NOT_FOUND);
 path = estrdup(path);
 origpath = path;
diff --git a/sudo.c b/sudo.c
index 2dd08a060..e73013bec 100644
--- a/sudo.c
+++ b/sudo.c
@@ -245,12 +245,6 @@ main(argc, argv, envp)
 /* Validate the user but don't search for pseudo-commands. */
 validated = sudoers_lookup(pwflag);
- /* Exempt users aren't affected by secure paths. */
- if (user_is_exempt() && def_str(I_SECURE_PATH)) {
- free(def_str(I_SECURE_PATH));
- def_str(I_SECURE_PATH) = NULL;
- }
-
 /*
 * Look up runas user passwd struct. If we are given a uid then
 * there may be no corresponding passwd(5) entry (which is OK).
diff --git a/sudoers.pod b/sudoers.pod
index ee8dce997..623e987dd 100644
--- a/sudoers.pod
+++ b/sudoers.pod
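Review bot: The new `insert_env(newenvp, format_env("PATH", SECURE_PATH));` in rebuild_env() no longer honours the exempt group. The old code relied on sudo.c clearing `def_str(I_SECURE_PATH)` for exempt users, and that block is removed in this commit, while find_path.c gains an explicit `!user_is_exempt()` test. As written, an exempt user's command would be looked up on the caller's PATH but run with PATH set to SECURE_PATH, which also disagrees with the exempt_group text in sudoers.pod ("exempt from password and PATH requirements"). If that is not intended, guard the call the same way with `if (!user_is_exempt())` on the line before `insert_env(...)`; if it is intended, say so in the comment above it. rebuild_env()'s body starts and ends outside the hunk.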
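Review bot: The `!user_is_exempt()` test added in find_path() is evaluated whenever find_path() is called, whereas the block removed from sudo.c applied the exemption only after `sudoers_lookup(pwflag)` had run. The call site is not visible here, so it is worth confirming that an exempt group configured in sudoers is already known when find_path() runs; otherwise presumably only the compiled-in EXEMPTGROUP default would decide which PATH is searched. The comment above the block should also mention the exemption, e.g. `/* Use PATH passed in unless SECURE_PATH is in effect and the user is not exempt. */`. find_path()'s body continues outside the hunk.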
@@ -422,10 +422,14 @@ dangerous functionality when a program is run setuid.
 =item env_reset
 If set, B will reset the environment to only contain the
-following variables: C, C, C, and C
-(in addition to the C variables). The C and C
-environment variables are preserved unaltered. Other specific variables
-may be preserved with the i option.
+following variables: C, C, C, C, C,
+and C (in addition to the C variables).
+Of these, only C is copied unaltered from the old environment.
+The other variables are set to default values (possibly modified
+by the value of the I option). If B was compiled
+with the C option, its value will be used for the C
+environment variable.
+Other variables may be preserved with the i option.
 =item use_loginclass
@@ -564,13 +568,6 @@ interpreting the C<@> sign. Defaults to C<@mailto@>.
 Users in this group are exempt from password and PATH requirements. This is not set by default.
-=item secure_path
-
-Path used for every command run from B. If you don't trust the
-people running B to have a sane C environment variable you may
-want to use this. Another use is if you want to have the "root path"
-be separate from the "user path." This is not set by default.
-
 =item verifypw
 This option controls when a password will be required when a user runs