From: Todd C. Miller <Todd.Miller@courtesan.com>
Date: Sat, 27 Nov 1993 23:59:33 +0000 (+0000)
Subject: updated with changes
X-Git-Tag: SUDO_1_3_0~74
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=7e33d32a0753cb767cb5ddb67d22fa0933f88bd1;p=sudo

updated with changes
---

diff --git a/sudo.man b/sudo.man
index c680edad1..5d9b4cad9 100644
--- a/sudo.man
+++ b/sudo.man
@@ -113,6 +113,24 @@ the local authorities (defined at installation time).
 All preferences are defined at installation time and are derived from
 the sudo.h include file and the Makefile.
 
+.SH SECURITY NOTES
+.I sudo
+tries to be safe when executing external commands.  To this end
+LD_* and SHLIB_PATH (on hpux only) environmental variables are removed
+from the environment passed on to all commands executed.
+.sp
+Also,
+.I sudo
+checks '.' and '' (both denoting current directory) last when searching for
+a command in the user's PATH (if one or both are in the PATH).
+Note, however, that the actual PATH environmental variable is
+.I not
+modified and is passed unchanged to the program that
+.I sudo
+executes.
+.sp
+For security reasons, if your OS supports shared libraries, sudo should always
+be statically linked.
 .SH FUTURE ENHANCEMENTS
 .nf
 Allow nesting of host and command aliases.