From a922ff68ac529b6e1c1d82912d3ffb19993da0c0 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Tue, 19 Jun 2007 00:33:55 +0000 Subject: [PATCH] Update descriptions of env_keep and env_check to match current reality. --- sudoers.pod | 60 ++++++++++++++++++++++++++++------------------------- 1 file changed, 32 insertions(+), 28 deletions(-) diff --git a/sudoers.pod b/sudoers.pod index 4e5431dfc..626d88d92 100644 --- a/sudoers.pod +++ b/sudoers.pod @@ -417,13 +417,15 @@ This flag is I by default. =item set_logname -Normally, B will set the C and C environment variables -to the name of the target user (usually root unless the B<-u> flag is given). -However, since some programs (including the RCS revision control system) -use C to determine the real identity of the user, it may be desirable -to change this behavior. This can be done by negating the set_logname option. -Note that if the I option has not been disabled, entries in -the I list will override the value of I. +Normally, B will set the C, C and C +environment variables to the name of the target user (usually root +unless the B<-u> flag is given). However, since some programs +(including the RCS revision control system) use C to +determine the real identity of the user, it may be desirable to +change this behavior. This can be done by negating the set_logname +option. Note that if the I option has not been disabled, +entries in the I list will override the value of +I. =item stay_setuid @@ -439,14 +441,12 @@ function. =item env_reset If set, B will reset the environment to only contain the -following variables: C, C, C, C, -C, C, C and C (in addition to the C -variables). Of these, only C, C, C and C -are copied unaltered from the old environment. The other variables -are set to default values (possibly modified by the value of the -I option). If the I option is set, its -value will be used for the C environment variable. Other -variables may be preserved via the I option. +LOGNAME, SHELL, USER, USERNAME and the C variables. Any +variables in the caller's environment that match the C +and C lists are then added. The default contents of the +C and C lists are displayed when B is +run by root with the I<-V> option. If the I option +is set, its -value will be used for the C environment variable. This flag is I by default. =item use_loginclass @@ -623,7 +623,7 @@ Defaults to C<@badpri@>. A colon (':') separated list of editors allowed to be used with B. B will choose the editor that matches the user's -USER environment variable if possible, or the first editor in the +EDITOR environment variable if possible, or the first editor in the list that exists and is executable. The default is the path to vi on your system. @@ -785,9 +785,12 @@ be used to guard against printf-style format vulnerabilities in poorly-written programs. The argument may be a double-quoted, space-separated list or a single value without double-quotes. The list can be replaced, added to, deleted from, or disabled by using -the C<=>, C<+=>, C<-=>, and C operators respectively. The default -list of environment variables to check is printed when B is -run by root with the I<-V> option. +the C<=>, C<+=>, C<-=>, and C operators respectively. Regardless +of whether the C option is enabled or disabled, variables +specified by C will be preserved in the environment if +they pass the aforementioned check. The default list of environment +variables to check is displayed when B is run by root with +the I<-V> option. =item env_delete @@ -796,7 +799,7 @@ The argument may be a double-quoted, space-separated list or a single value without double-quotes. The list can be replaced, added to, deleted from, or disabled by using the C<=>, C<+=>, C<-=>, and C operators respectively. The default list of environment -variables to remove is printed when B is run by root with the +variables to remove is displayed when B is run by root with the I<-V> option. Note that many operating systems will remove potentially dangerous variables from the environment of any setuid process (such as B). @@ -809,7 +812,8 @@ control over the environment B-spawned processes will receive. The argument may be a double-quoted, space-separated list or a single value without double-quotes. The list can be replaced, added to, deleted from, or disabled by using the C<=>, C<+=>, C<-=>, and -C operators respectively. This list has no default members. +C operators respectively. The default list of variables to keep +is displayed when B is run by root with the I<-V> option. =back @@ -1090,13 +1094,13 @@ Here we override some of the compiled in default values. We want B to log via L using the I facility in all cases. We don't want to subject the full time staff to the B lecture, user B need not give a password, and we don't -want to reset the C or C environment variables when -running commands as root. Additionally, on the machines in the -I C, we keep an additional local log file and -make sure we log the year in each log line since the log entries -will be kept around for several years. Lastly, we disable shell -escapes for the commands in the PAGERS C (/usr/bin/more, -/usr/bin/pg and /usr/bin/less). +want to reset the C, C or C environment +variables when running commands as root. Additionally, on the +machines in the I C, we keep an additional +local log file and make sure we log the year in each log line since +the log entries will be kept around for several years. Lastly, we +disable shell escapes for the commands in the PAGERS C +(/usr/bin/more, /usr/bin/pg and /usr/bin/less). # Override built-in defaults Defaults syslog=auth -- 2.40.0