From: Todd C. Miller Date: Mon, 18 Jun 2007 12:56:11 +0000 (+0000) Subject: Make env_check apply when env_reset it true. Environment variables are X-Git-Tag: SUDO_1_7_0~550 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=e096ae6f1301413d894e02daa4231a2923da3508;p=sudo Make env_check apply when env_reset it true. Environment variables are passed through unless they contain '/' or '%'. There is no need to have a variable in both env_check and env_keep. --- diff --git a/env.c b/env.c index 328326166..f04a9bbfa 100644 --- a/env.c +++ b/env.c @@ -181,6 +181,9 @@ static const char *initial_checkenv_table[] = { * Default table of variables to preserve in the environment. */ static const char *initial_keepenv_table[] = { + "LC_*", + "LANG", + "LANGUAGE", "KRB5CCNAME", "DISPLAY", "PATH", @@ -299,7 +302,7 @@ rebuild_env(envp, sudo_mode, noexec) didvar = 0; memset(&env, 0, sizeof(env)); if (def_env_reset) { - int keepit; + int keepit = -1; /* Pull in vars we want to keep from the old environment. */ for (ep = envp; *ep; ep++) { @@ -311,7 +314,8 @@ rebuild_env(envp, sudo_mode, noexec) continue; } - for (cur = def_env_keep; cur; cur = cur->next) { + /* Check certain variables for '%' and '/' characters. */ + for (cur = def_env_check; cur; cur = cur->next) { len = strlen(cur->value); /* Deal with '*' wildcard */ if (cur->value[len - 1] == '*') { @@ -321,11 +325,28 @@ rebuild_env(envp, sudo_mode, noexec) iswild = FALSE; if (strncmp(cur->value, *ep, len) == 0 && (iswild || (*ep)[len] == '=')) { - keepit = TRUE; + keepit = !strpbrk(*ep, "/%"); break; } } + if (keepit == -1) { + for (cur = def_env_keep; cur; cur = cur->next) { + len = strlen(cur->value); + /* Deal with '*' wildcard */ + if (cur->value[len - 1] == '*') { + len--; + iswild = TRUE; + } else + iswild = FALSE; + if (strncmp(cur->value, *ep, len) == 0 && + (iswild || (*ep)[len] == '=')) { + keepit = TRUE; + break; + } + } + } + /* For SUDO_PS1 -> PS1 conversion. */ if (strncmp(*ep, "SUDO_PS1=", 8) == 0) ps1 = *ep + 5;