From: Todd C. Miller
Date: Sat, 17 Aug 2013 12:34:09 +0000 (-0600)
Subject: When merging the PAM environment, allow environment variables set
X-Git-Tag: SUDO_1_8_8^2~40
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=7a76844d980e0e08058ebf6b9948f8ccb53b1b26;p=sudo

When merging the PAM environment, allow environment variables set in PAM to override ones set by sudo as long as they do not match the env_keep or env_check lists.
---
diff --git a/plugins/sudoers/env.c b/plugins/sudoers/env.c
index 78cd2e609..72218725a 100644
--- a/plugins/sudoers/env.c
+++ b/plugins/sudoers/env.c
@@ -544,21 +544,6 @@ sudo_getenv(const char *name)
 debug_return_str(val);
 }

-/*
- * Merge another environment with our private copy.
- */
-void
-env_merge(char * const envp[], bool overwrite)
-{
- char * const *ep;
- debug_decl(env_merge, SUDO_DEBUG_ENV)
-
- for (ep = envp; *ep != NULL; ep++)
- sudo_putenv(*ep, true, overwrite);
-
- debug_return;
-}
-
 /*
 * Check the env_delete blacklist.
 * Returns true if the variable was found, else false.
@@ -695,6 +680,23 @@ env_should_keep(const char *var)
 debug_return_bool(keepit == true);
 }

+/*
+ * Merge another environment with our private copy.
+ * Only overwrite an existing variable if it is not
+ * being preserved from the user's environment.
+ */
+void
+env_merge(char * const envp[])
+{
+ char * const *ep;
+ debug_decl(env_merge, SUDO_DEBUG_ENV)
+
+ for (ep = envp; *ep != NULL; ep++)
+ sudo_putenv(*ep, true, !env_should_keep(*ep));
+
+ debug_return;
+}
+
 static void
 env_update_didvar(const char *ep, unsigned int *didvar)
 {
diff --git a/plugins/sudoers/sudoers.h b/plugins/sudoers/sudoers.h
index 55287b51c..8118ea460 100644
--- a/plugins/sudoers/sudoers.h
+++ b/plugins/sudoers/sudoers.h
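Review bot: In the re-added env_merge() (second env.c hunk) the overwrite flag is `!env_should_keep(*ep)`, and `*ep` is the whole `NAME=value` string taken from the environment being merged, so the keep/overwrite decision is made on input that PAM supplies. Only the last line of env_should_keep() is visible here; if its env_check test looks at the value as well as the name, an entry whose value fails that test would make it return false and the merged entry would replace a variable sudo meant to preserve, which should be confirmed against the function body. I would record the intent at the call, e.g. `/* overwrite unless the name is on env_keep/env_check; env_should_keep() is given the merged NAME=value */`, and consider checking the name only. The header comment could also say that env_keep and env_check are the only policy consulted, since nothing else is examined before `sudo_putenv()` is called.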
@@ -334,7 +334,7 @@ char *expand_iolog_path(const char *prefix, const char *dir, const char *file,

 /* env.c */
 char **env_get(void);
-void env_merge(char * const envp[], bool overwrite);
+void env_merge(char * const envp[]);
 void env_init(char * const envp[]);
 void init_envtables(void);
 void insert_env_vars(char * const envp[]);