From: Todd C. Miller Date: Mon, 24 Sep 2018 11:30:03 +0000 (-0600) Subject: Remove special handling of the USERNAME environment variable. It X-Git-Tag: SUDO_1_8_26^2~76 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=5f61f2c0f44abf6c9a5e1732101d3c80f1cd1c4a;p=sudo Remove special handling of the USERNAME environment variable. It used to be set on old versions of Fedora but that hasn't been the case for some time. It's worth noting that ssh doesn't set USERNAME either. --- diff --git a/doc/sudo.cat b/doc/sudo.cat index 2ab3cd91e..58714ad37 100644 --- a/doc/sudo.cat +++ b/doc/sudo.cat @@ -566,8 +566,6 @@ EENNVVIIRROONNMMEENNTT USER Set to the same value as LOGNAME, described above. - USERNAME Same as USER. - VISUAL Default editor to use in --ee (sudoedit) mode if SUDO_EDITOR is not set. diff --git a/doc/sudo.man.in b/doc/sudo.man.in index c9b2f490e..5dc8e2f1a 100644 --- a/doc/sudo.man.in +++ b/doc/sudo.man.in @@ -1123,10 +1123,6 @@ Set to the same value as \fRLOGNAME\fR, described above. .TP 17n -\fRUSERNAME\fR -Same as -\fRUSER\fR. -.TP 17n \fRVISUAL\fR Default editor to use in \fB\-e\fR diff --git a/doc/sudo.mdoc.in b/doc/sudo.mdoc.in index f96081a0f..5d2a84fe0 100644 --- a/doc/sudo.mdoc.in +++ b/doc/sudo.mdoc.in @@ -1035,9 +1035,6 @@ Set to the login name of the user who invoked sudo. Set to the same value as .Ev LOGNAME , described above. -.It Ev USERNAME -Same as -.Ev USER . .It Ev VISUAL Default editor to use in .Fl e diff --git a/doc/sudoers.cat b/doc/sudoers.cat index 8f79b99ef..b2c9327e6 100644 --- a/doc/sudoers.cat +++ b/doc/sudoers.cat @@ -126,16 +126,14 @@ DDEESSCCRRIIPPTTIIOONN _/_e_t_c_/_e_n_v_i_r_o_n_m_e_n_t file. On BSD systems, if the _u_s_e___l_o_g_i_n_c_l_a_s_s option is enabled, the environment is initialized based on the _p_a_t_h and _s_e_t_e_n_v settings in _/_e_t_c_/_l_o_g_i_n_._c_o_n_f. The new environment contains the TERM, - PATH, HOME, MAIL, SHELL, LOGNAME, USER, USERNAME and SUDO_* variables in - addition to variables from the invoking process permitted by the - _e_n_v___c_h_e_c_k and _e_n_v___k_e_e_p options. This is effectively a whitelist for - environment variables. The environment variables LOGNAME, USER and - USERNAME are treated specially. If one or more variables are preserved - from the invoking process, any of the three remaining variables (that - were not explicitly preserved) will be set to the same value as the first - one in the list that was preserved. This avoids an inconsistent - environment where some of the variables describing the user name are set - to the invoking user and some are set to the target user. () are removed + PATH, HOME, MAIL, SHELL, LOGNAME, USER and SUDO_* variables in addition + to variables from the invoking process permitted by the _e_n_v___c_h_e_c_k and + _e_n_v___k_e_e_p options. This is effectively a whitelist for environment + variables. The environment variables LOGNAME and USER are treated + specially. If only one of them is preserved from user's environment, the + other will be set to the same value. This avoids an inconsistent + environment where one of the variables describing the user name is set to + the invoking user and one is set to the target user. () are removed unless both the name and value parts are matched by _e_n_v___k_e_e_p or _e_n_v___c_h_e_c_k, as they may be interpreted as functions by the bbaasshh shell. Prior to version 1.8.11, such variables were always removed. @@ -1043,10 +1041,10 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS env_reset If set, ssuuddoo will run the command in a minimal environment containing the TERM, PATH, HOME, MAIL, - SHELL, LOGNAME, USER, USERNAME and SUDO_* variables. - Any variables in the caller's environment or in the - file specified by the _r_e_s_t_r_i_c_t_e_d___e_n_v___f_i_l_e option that - match the env_keep and env_check lists are then added, + SHELL, LOGNAME, USER and SUDO_* variables. Any + variables in the caller's environment or in the file + specified by the _r_e_s_t_r_i_c_t_e_d___e_n_v___f_i_l_e option that match + the env_keep and env_check lists are then added, followed by any variables present in the file specified by the _e_n_v___f_i_l_e option (if any). The contents of the env_keep and env_check lists, as modified by global @@ -1382,7 +1380,7 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS disabled or HOME is present in the _e_n_v___k_e_e_p list. This flag is _o_f_f by default. - set_logname Normally, ssuuddoo will set the LOGNAME, USER and USERNAME + set_logname Normally, ssuuddoo will set the LOGNAME and USER environment variables to the name of the target user (usually root unless the --uu option is given). However, since some programs (including the RCS revision control @@ -1391,8 +1389,8 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS This can be done by negating the set_logname option. Note that _s_e_t___l_o_g_n_a_m_e will have no effect if the _e_n_v___r_e_s_e_t option has not been disabled and the _e_n_v___k_e_e_p - list contains LOGNAME, USER or USERNAME. This flag is - _o_n by default. + list contains LOGNAME or USER. This flag is _o_n by + default. set_utmp When enabled, ssuuddoo will create an entry in the utmp (or utmpx) file when a pseudo-tty is allocated. A pseudo- @@ -2506,7 +2504,7 @@ EEXXAAMMPPLLEESS Here we override some of the compiled in default values. We want ssuuddoo to log via syslog(3) using the _a_u_t_h facility in all cases. We don't want to subject the full time staff to the ssuuddoo lecture, user mmiilllleerrtt need not - give a password, and we don't want to reset the LOGNAME, USER or USERNAME + give a password, and we don't want to reset the LOGNAME or USER environment variables when running commands as root. Additionally, on the machines in the _S_E_R_V_E_R_S Host_Alias, we keep an additional local log file and make sure we log the year in each log line since the log entries @@ -2927,4 +2925,4 @@ DDIISSCCLLAAIIMMEERR file distributed with ssuuddoo or https://www.sudo.ws/license.html for complete details. -Sudo 1.8.25 August 7, 2018 Sudo 1.8.25 +Sudo 1.8.26 August 7, 2018 Sudo 1.8.26 diff --git a/doc/sudoers.man.in b/doc/sudoers.man.in index bc2061215..c9f75eba4 100644 --- a/doc/sudoers.man.in +++ b/doc/sudoers.man.in @@ -309,8 +309,7 @@ The new environment contains the \fRMAIL\fR, \fRSHELL\fR, \fRLOGNAME\fR, -\fRUSER\fR, -\fRUSERNAME\fR +\fRUSER\fR and \fRSUDO_*\fR variables @@ -322,17 +321,14 @@ options. This is effectively a whitelist for environment variables. The environment variables -\fRLOGNAME\fR, -\fRUSER\fR +\fRLOGNAME\fR and -\fRUSERNAME\fR +\fRUSER\fR are treated specially. -If one or more variables are preserved from the invoking process, -any of the three remaining variables (that were not explicitly -preserved) will be set to the same value as the first one in the -list that was preserved. -This avoids an inconsistent environment where some of the variables -describing the user name are set to the invoking user and some are +If only one of them is preserved from user's environment, the other +will be set to the same value. +This avoids an inconsistent environment where one of the variables +describing the user name is set to the invoking user and one is set to the target user. \fR()\fR are removed unless both the name and value parts are matched by @@ -2217,8 +2213,7 @@ will run the command in a minimal environment containing the \fRMAIL\fR, \fRSHELL\fR, \fRLOGNAME\fR, -\fRUSER\fR, -\fRUSERNAME\fR +\fRUSER\fR and \fRSUDO_*\fR variables. @@ -2884,10 +2879,9 @@ set_logname Normally, \fBsudo\fR will set the -\fRLOGNAME\fR, -\fRUSER\fR +\fRLOGNAME\fR and -\fRUSERNAME\fR +\fRUSER\fR environment variables to the name of the target user (usually root unless the \fB\-u\fR option is given). @@ -2904,10 +2898,9 @@ if the option has not been disabled and the \fIenv_keep\fR list contains -\fRLOGNAME\fR, -\fRUSER\fR +\fRLOGNAME\fR or -\fRUSERNAME\fR. +\fRUSER\fR. This flag is \fIon\fR by default. @@ -4899,10 +4892,9 @@ We don't want to subject the full time staff to the lecture, user \fBmillert\fR need not give a password, and we don't want to reset the -\fRLOGNAME\fR, -\fRUSER\fR +\fRLOGNAME\fR or -\fRUSERNAME\fR +\fRUSER\fR environment variables when running commands as root. Additionally, on the machines in the \fISERVERS\fR diff --git a/doc/sudoers.mdoc.in b/doc/sudoers.mdoc.in index 7f5684137..d9214ae48 100644 --- a/doc/sudoers.mdoc.in +++ b/doc/sudoers.mdoc.in @@ -299,8 +299,7 @@ The new environment contains the .Ev MAIL , .Ev SHELL , .Ev LOGNAME , -.Ev USER , -.Ev USERNAME +.Ev USER and .Ev SUDO_* variables @@ -312,17 +311,14 @@ options. This is effectively a whitelist for environment variables. The environment variables -.Ev LOGNAME , -.Ev USER +.Ev LOGNAME and -.Ev USERNAME +.Ev USER are treated specially. -If one or more variables are preserved from the invoking process, -any of the three remaining variables (that were not explicitly -preserved) will be set to the same value as the first one in the -list that was preserved. -This avoids an inconsistent environment where some of the variables -describing the user name are set to the invoking user and some are +If only one of them is preserved from user's environment, the other +will be set to the same value. +This avoids an inconsistent environment where one of the variables +describing the user name is set to the invoking user and one is set to the target user. .Li () are removed unless both the name and value parts are matched by @@ -2081,8 +2077,7 @@ will run the command in a minimal environment containing the .Ev MAIL , .Ev SHELL , .Ev LOGNAME , -.Ev USER , -.Ev USERNAME +.Ev USER and .Ev SUDO_* variables. @@ -2711,10 +2706,9 @@ by default. Normally, .Nm sudo will set the -.Ev LOGNAME , -.Ev USER +.Ev LOGNAME and -.Ev USERNAME +.Ev USER environment variables to the name of the target user (usually root unless the .Fl u option is given). @@ -2731,10 +2725,9 @@ if the option has not been disabled and the .Em env_keep list contains -.Ev LOGNAME , -.Ev USER +.Ev LOGNAME or -.Ev USERNAME . +.Ev USER . This flag is .Em on by default. @@ -4560,10 +4553,9 @@ We don't want to subject the full time staff to the lecture, user .Sy millert need not give a password, and we don't want to reset the -.Ev LOGNAME , -.Ev USER +.Ev LOGNAME or -.Ev USERNAME +.Ev USER environment variables when running commands as root. Additionally, on the machines in the .Em SERVERS diff --git a/plugins/sudoers/env.c b/plugins/sudoers/env.c index 9112ef51e..f2a3b274f 100644 --- a/plugins/sudoers/env.c +++ b/plugins/sudoers/env.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000-2005, 2007-2016 + * Copyright (c) 2000-2005, 2007-2018 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -65,12 +65,10 @@ #define DID_LOGNAME 0x00000010 #undef DID_USER #define DID_USER 0x00000020 -#undef DID_USERNAME -#define DID_USERNAME 0x00000040 #undef DID_LOGIN -#define DID_LOGIN 0x00000080 +#define DID_LOGIN 0x00000040 #undef DID_MAIL -#define DID_MAIL 0x00000100 +#define DID_MAIL 0x00000080 #undef DID_MAX #define DID_MAX 0x0000ffff @@ -86,12 +84,10 @@ #define KEPT_LOGNAME 0x00100000 #undef KEPT_USER #define KEPT_USER 0x00200000 -#undef KEPT_USERNAME -#define KEPT_USERNAME 0x00400000 #undef KEPT_LOGIN -#define KEPT_LOGIN 0x00800000 +#define KEPT_LOGIN 0x00400000 #undef KEPT_MAIL -#define KEPT_MAIL 0x01000000 +#define KEPT_MAIL 0x00800000 #undef KEPT_MAX #define KEPT_MAX 0xffff0000 @@ -99,9 +95,9 @@ * AIX sets the LOGIN environment variable too. */ #ifdef _AIX -# define KEPT_USER_VARIABLES (KEPT_LOGIN|KEPT_LOGNAME|KEPT_USER|KEPT_USERNAME) +# define KEPT_USER_VARIABLES (KEPT_LOGIN|KEPT_LOGNAME|KEPT_USER) #else -# define KEPT_USER_VARIABLES (KEPT_LOGNAME|KEPT_USER|KEPT_USERNAME) +# define KEPT_USER_VARIABLES (KEPT_LOGNAME|KEPT_USER) #endif struct environment { @@ -807,8 +803,6 @@ env_update_didvar(const char *ep, unsigned int *didvar) case 'U': if (strncmp(ep, "USER=", 5) == 0) SET(*didvar, DID_USER); - if (strncmp(ep, "USERNAME=", 9) == 0) - SET(*didvar, DID_USERNAME); break; } } @@ -935,8 +929,6 @@ rebuild_env(void) ISSET(didvar, DID_LOGNAME), true); CHECK_SETENV2("USER", runas_pw->pw_name, ISSET(didvar, DID_USER), true); - CHECK_SETENV2("USERNAME", runas_pw->pw_name, - ISSET(didvar, DID_USERNAME), true); } else { /* We will set LOGNAME later in the def_set_logname case. */ if (!def_set_logname) { @@ -948,8 +940,6 @@ rebuild_env(void) CHECK_SETENV2("LOGNAME", user_name, false, true); if (!ISSET(didvar, DID_USER)) CHECK_SETENV2("USER", user_name, false, true); - if (!ISSET(didvar, DID_USERNAME)) - CHECK_SETENV2("USERNAME", user_name, false, true); } } @@ -1002,7 +992,7 @@ rebuild_env(void) } /* - * Set LOGIN, LOGNAME, USER and USERNAME to target if "set_logname" is not + * Set LOGIN, LOGNAME, and USER to target if "set_logname" is not * disabled. We skip this if we are running a login shell (because * they have already been set). */ @@ -1014,10 +1004,9 @@ rebuild_env(void) #endif CHECK_SETENV2("LOGNAME", runas_pw->pw_name, true, true); CHECK_SETENV2("USER", runas_pw->pw_name, true, true); - CHECK_SETENV2("USERNAME", runas_pw->pw_name, true, true); } else if ((didvar & KEPT_USER_VARIABLES) != KEPT_USER_VARIABLES) { /* - * Preserved some of LOGIN, LOGNAME, USER, USERNAME but not all. + * Preserved some of LOGIN, LOGNAME, USER but not all. * Make the unset ones match so we don't end up with some * set to the invoking user and others set to the runas user. */ @@ -1029,8 +1018,6 @@ rebuild_env(void) #endif else if (ISSET(didvar, KEPT_USER)) cp = sudo_getenv("USER"); - else if (ISSET(didvar, KEPT_USERNAME)) - cp = sudo_getenv("USERNAME"); else cp = NULL; if (cp != NULL) { @@ -1042,8 +1029,6 @@ rebuild_env(void) CHECK_SETENV2("LOGNAME", cp, true, true); if (!ISSET(didvar, KEPT_USER)) CHECK_SETENV2("USER", cp, true, true); - if (!ISSET(didvar, KEPT_USERNAME)) - CHECK_SETENV2("USERNAME", cp, true, true); } } } diff --git a/plugins/sudoers/logging.c b/plugins/sudoers/logging.c index ef62736a5..f16a546ce 100644 --- a/plugins/sudoers/logging.c +++ b/plugins/sudoers/logging.c @@ -637,8 +637,10 @@ send_mail(const char *fmt, ...) "HOME=/", "PATH=/usr/bin:/bin:/usr/sbin:/sbin", "LOGNAME=root", - "USERNAME=root", "USER=root", +# ifdef _AIX + "LOGIN=root", +# endif NULL }; #endif /* NO_ROOT_MAILER */ diff --git a/plugins/sudoers/regress/visudo/test6.sh b/plugins/sudoers/regress/visudo/test6.sh index 876196520..596f5a184 100755 --- a/plugins/sudoers/regress/visudo/test6.sh +++ b/plugins/sudoers/regress/visudo/test6.sh @@ -13,7 +13,7 @@ Defaults!PAGERS noexec Defaults env_keep -= "HOME" Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS" -Defaults env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE" +Defaults env_keep += "MAIL PS1 PS2 QTDIR LANG LC_ADDRESS LC_CTYPE" User_Alias FULLTIMERS = millert, mikef, dowdy