From: Todd C. Miller <Todd.Miller@courtesan.com>
Date: Tue, 17 Jan 2017 17:10:47 +0000 (-0700)
Subject: Fix documentation bug, the contents of env_file have never been
X-Git-Tag: SUDO_1_8_20^2~134
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=34ba901baa06691dd011d247649a7c7c67733646;p=sudo

Fix documentation bug, the contents of env_file have never been
subject to env_keep or env_check.  However, variables are only added
if they have not already been preserved.
---

diff --git a/doc/sudoers.cat b/doc/sudoers.cat
index 0461e8832..ffad399c1 100644
--- a/doc/sudoers.cat
+++ b/doc/sudoers.cat
@@ -1719,8 +1719,10 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS
                    be of the form ``VARIABLE=value'' or ``export
                    VARIABLE=value''.  The value may optionally be surrounded
                    by single or double quotes.  Variables in this file are
-                   subject to other ssuuddoo environment settings such as _e_n_v___k_e_e_p
-                   and _e_n_v___c_h_e_c_k.
+                   only added if the variable does not already exist in the
+                   environment.  This file is considered to be part of the
+                   security policy, its contents are not subject to other ssuuddoo
+                   environment restrictions such as _e_n_v___k_e_e_p and _e_n_v___c_h_e_c_k.
 
      exempt_group  Users in this group are exempt from password and PATH
                    requirements.  The group name specified should not include
diff --git a/doc/sudoers.man.in b/doc/sudoers.man.in
index 29abf4cbe..bae06012c 100644
--- a/doc/sudoers.man.in
+++ b/doc/sudoers.man.in
@@ -1,7 +1,7 @@
 .\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER!
 .\" IT IS GENERATED AUTOMATICALLY FROM sudoers.mdoc.in
 .\"
-.\" Copyright (c) 1994-1996, 1998-2005, 2007-2016
+.\" Copyright (c) 1994-1996, 1998-2005, 2007-2017
 .\"	Todd C. Miller <Todd.Miller@courtesan.com>
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
@@ -3468,9 +3468,12 @@ Entries in this file should either be of the form
 or
 \(Lq\fRexport VARIABLE=value\fR\(Rq.
 The value may optionally be surrounded by single or double quotes.
-Variables in this file are subject to other
+Variables in this file are only added if the variable does not already
+exist in the environment.
+This file is considered to be part of the security policy,
+its contents are not subject to other
 \fBsudo\fR
-environment settings such as
+environment restrictions such as
 \fIenv_keep\fR
 and
 \fIenv_check\fR.
diff --git a/doc/sudoers.mdoc.in b/doc/sudoers.mdoc.in
index 6bfe868d5..4a9508d8f 100644
--- a/doc/sudoers.mdoc.in
+++ b/doc/sudoers.mdoc.in
@@ -1,5 +1,5 @@
 .\"
-.\" Copyright (c) 1994-1996, 1998-2005, 2007-2016
+.\" Copyright (c) 1994-1996, 1998-2005, 2007-2017
 .\"	Todd C. Miller <Todd.Miller@courtesan.com>
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
@@ -3239,9 +3239,12 @@ Entries in this file should either be of the form
 or
 .Dq Li export VARIABLE=value .
 The value may optionally be surrounded by single or double quotes.
-Variables in this file are subject to other
+Variables in this file are only added if the variable does not already
+exist in the environment.
+This file is considered to be part of the security policy,
+its contents are not subject to other
 .Nm sudo
-environment settings such as
+environment restrictions such as
 .Em env_keep
 and
 .Em env_check .