From 53299b78a0e1bbb5978520f14e1d412cb8c0f2ef Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@courtesan.com>
Date: Tue, 8 Jan 2002 14:20:57 +0000
Subject: [PATCH] Defer assigning new environment until right before the exec.

---
 sudo.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/sudo.c b/sudo.c
index 8528f6107..2df2f0f4e 100644
--- a/sudo.c
+++ b/sudo.c
@@ -155,6 +155,7 @@ main(argc, argv, envp)
     int cmnd_status;
     int sudo_mode;
     int pwflag;
+    char **new_environ;
     sigaction_t sa;
     extern int printmatches;
     extern char **environ;
@@ -271,8 +272,8 @@ main(argc, argv, envp)
 	    log_error(NO_MAIL|MSG_ONLY, "no passwd entry for %s!", *user_runas);
     }
 
-    /* Customize environment and get rid of any nasty bits. */
-    environ = rebuild_env(sudo_mode, envp);
+    /* Build up custom environment that avoids any nasty bits. */
+    new_environ = rebuild_env(sudo_mode, envp);
 
     /* This goes after the sudoers parse since we honor sudoers options. */
     if (sudo_mode == MODE_KILL || sudo_mode == MODE_INVALIDATE) {
@@ -369,6 +370,9 @@ main(argc, argv, envp)
 	/* Become specified user or root. */
 	set_perms(PERM_RUNAS, sudo_mode);
 
+	/* Install the new environment. */
+	environ = new_environ;
+
 #ifndef PROFILING
 	if ((sudo_mode & MODE_BACKGROUND) && fork() > 0)
 	    exit(0);
-- 
2.40.0