From: Todd C. Miller
Date: Wed, 16 May 2018 16:01:52 +0000 (-0600)
Subject: Sudo "ALL" implies the SETENV tag.
X-Git-Tag: SUDO_1_8_24^2~78
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=3ca0882d14adadaab47fa4010a31123c171fd862;p=sudo
Sudo "ALL" implies the SETENV tag.
---
diff --git a/plugins/sudoers/ldap_util.c b/plugins/sudoers/ldap_util.c
index c9a81557c..af6dbdd70 100644
--- a/plugins/sudoers/ldap_util.c
+++ b/plugins/sudoers/ldap_util.c
@@ -398,6 +398,8 @@ sudo_ldap_role_to_priv(const char *cn, void *hosts, void *runasusers,
 cmndspec->notbefore = prev_cmndspec->notbefore;
 cmndspec->notafter = prev_cmndspec->notafter;
 cmndspec->tags = prev_cmndspec->tags;
+ if (cmndspec->tags.setenv == IMPLIED)
+ cmndspec->tags.setenv = UNSPEC;
 } else {
 /* Parse sudoRunAsUser / sudoRunAs */
 if (runasusers != NULL) {
@@ -514,6 +516,9 @@ sudo_ldap_role_to_priv(const char *cn, void *hosts, void *runasusers,
 /* So we can inherit previous values. */
 prev_cmndspec = cmndspec;
 }
+ /* Sudo "ALL" implies the SETENV tag. */
+ if (c == NULL && cmndspec->tags.setenv == UNSPEC)
+ cmndspec->tags.setenv = IMPLIED;
 }
 /* Negated commands take precedence so we insert them at the end. */
 TAILQ_CONCAT(&priv->cmndlist, &negated_cmnds, entries);
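Review bot: The two added lines that turn `IMPLIED` back into `UNSPEC` right after `cmndspec->tags = prev_cmndspec->tags;` have no comment, and the reason for the reset cannot be read from this branch alone. Judging by the second hunk, it keeps a SETENV that was only implied by an earlier "ALL" entry from being inherited by later commands of the same role, while an explicitly configured tag is still copied. I would put a comment above the `if`, for example `/* An implied SETENV belongs to the "ALL" entry only; do not inherit it. */`. The enclosing branch begins outside the hunk.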
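Review bot: The check added at the end of the loop body uses `c == NULL` as a stand-in for "this command is ALL" and does not look at negation, although the function does handle negated commands (see `negated_cmnds` in the lines just below). SETENV lets the invoking user pass environment variables past the normal environment filtering, so the condition that grants it should be explicit. As written it depends on `c` being reset for every command, which cannot be confirmed here because `c` is declared and assigned outside the hunk. If the command member is already attached to `cmndspec` at this point, testing it directly would be clearer, e.g. `if (cmndspec->cmnd->type == ALL && !cmndspec->cmnd->negated && cmndspec->tags.setenv == UNSPEC)`. As far as I recall the sudoers grammar applies the same non-negated restriction, which is worth confirming so the LDAP path matches it.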