From 3001e7f2964aed6a41e5af637819ce70dbd227cb Mon Sep 17 00:00:00 2001
From: "Todd C. Miller"
Date: Mon, 19 Jan 2004 01:17:00 +0000
Subject: [PATCH] In -i mode always set new environment based on the runas user's passwd entry.
---
 env.c | 34 +++++++++++++++++++++-------------
 sudo.c | 5 ++---
 2 files changed, 23 insertions(+), 16 deletions(-)
diff --git a/env.c b/env.c
index 94bbf1e06..09a0403ce 100644
--- a/env.c
+++ b/env.c
@@ -307,9 +307,9 @@ insert_env(str, dupcheck)
 * Also adds sudo-specific variables (SUDO_*).
 */
 char **
-rebuild_env(envp, reset_home, noexec)
+rebuild_env(envp, sudo_mode, noexec)
 char **envp;
- int reset_home;
+ int sudo_mode;
 int noexec;
 {
 char **ep, *cp, *ps1;
@@ -383,17 +383,25 @@ rebuild_env(envp, reset_home, noexec)
 }
 /*
- * Add in defaults unless they were preserved from the
- * user's environment.
+ * Add in defaults. In -i mode these come from the runas user,
+ * otherwise they may be from the user's environment (depends
+ * on sudoers options).
 */
- if (!(didvar & DID_HOME))
- insert_env(format_env("HOME", user_dir, VNULL), 0);
- if (!(didvar & DID_SHELL))
- insert_env(format_env("SHELL", sudo_user.pw->pw_shell, VNULL), 0);
- if (!(didvar & DID_LOGNAME))
- insert_env(format_env("LOGNAME", user_name, VNULL), 0);
- if (!(didvar & DID_USER))
- insert_env(format_env("USER", user_name, VNULL), 0);
+ if (sudo_mode & MODE_LOGIN_SHELL) {
+ insert_env(format_env("HOME", runas_pw->pw_dir, VNULL), 0);
+ insert_env(format_env("SHELL", runas_pw->pw_shell, VNULL), 0);
+ insert_env(format_env("LOGNAME", runas_pw->pw_name, VNULL), 0);
+ insert_env(format_env("USER", runas_pw->pw_name, VNULL), 0);
+ } else {
+ if (!(didvar & DID_HOME))
+ insert_env(format_env("HOME", user_dir, VNULL), 0);
+ if (!(didvar & DID_SHELL))
+ insert_env(format_env("SHELL", sudo_user.pw->pw_shell, VNULL), 0);
+ if (!(didvar & DID_LOGNAME))
+ insert_env(format_env("LOGNAME", user_name, VNULL), 0);
+ if (!(didvar & DID_USER))
+ insert_env(format_env("USER", user_name, VNULL), 0);
+ }
 } else {
 /*
 * Copy envp entries as long as they don't match env_delete or
@@ -462,7 +470,7 @@ rebuild_env(envp, reset_home, noexec)
 }
 /* Set $HOME for `sudo -H'. Only valid at PERM_FULL_RUNAS. */
- if (reset_home && runas_pw->pw_dir)
+ if ((sudo_mode & MODE_RESET_HOME) && runas_pw->pw_dir)
 insert_env(format_env("HOME", runas_pw->pw_dir, VNULL), 1);
 /*
diff --git a/sudo.c b/sudo.c
index 36802089e..c514e39bf 100644
--- a/sudo.c
+++ b/sudo.c
@@ -132,7 +132,7 @@ extern struct passwd *sudo_pwdup __P((const struct passwd *));
 * Globals
 */
 int Argc, NewArgc;
-int sudo_mode;
+static int sudo_mode;
 char **Argv, **NewArgv;
 struct sudo_user sudo_user;
 struct passwd *auth_pw;
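Review bot: The four `insert_env()` calls in the new `MODE_LOGIN_SHELL` branch pass `dupcheck` 0 and no longer consult `didvar`, so if the earlier part of `rebuild_env` (outside this hunk) has already kept HOME, SHELL, LOGNAME or USER from the invoking user's environment, the new environment may end up with two entries for the same name. Which duplicate a consumer honours is implementation-dependent, so the invoking user's value could still take precedence over the runas user's. Passing 1, as the `sudo -H` line later in the function does, would presumably avoid that: `insert_env(format_env("HOME", runas_pw->pw_dir, VNULL), 1);` and likewise for the other three. The branch also uses `runas_pw->pw_dir` and `runas_pw->pw_shell` without the non-NULL test the -H path applies to `pw_dir`; whether `format_env` tolerates a NULL argument before `VNULL` is not visible here.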
@@ -344,8 +344,7 @@ main(argc, argv, envp)
 check_user(validated & FLAG_CHECK_USER);
 /* Build up custom environment that avoids any nasty bits. */
- new_environ = rebuild_env(envp, (sudo_mode & MODE_RESET_HOME),
- (validated & FLAG_NOEXEC));
+ new_environ = rebuild_env(envp, sudo_mode, (validated & FLAG_NOEXEC));
 if (validated & VALIDATE_OK) {
 /* Finally tell the user if the command did not exist. */
--
2.40.0