From d537daf787bde97d8dec585efae1551f40e88efe Mon Sep 17 00:00:00 2001
From: "Todd C. Miller"
Date: Mon, 24 Sep 2018 05:30:28 -0600
Subject: [PATCH] Treat LOGIN, LOGNAME and USER specially.

If one is preserved or deleted we want to preserve or delete all of them.
---
 doc/sudoers.cat | 6 ++++--
 doc/sudoers.man.in | 12 +++++++++---
 doc/sudoers.mdoc.in | 12 +++++++++---
 plugins/sudoers/env.c | 37 ++++++++++++++++++++++++++++++++++---
 4 files changed, 56 insertions(+), 11 deletions(-)

diff --git a/doc/sudoers.cat b/doc/sudoers.cat
index b2c9327e6..eb11d1485 100644
--- a/doc/sudoers.cat
+++ b/doc/sudoers.cat
@@ -130,7 +130,9 @@ DDEESSCCRRIIPPTTIIOONN
 to variables from the invoking process permitted by the _e_n_v___c_h_e_c_k and _e_n_v___k_e_e_p options. This is effectively a whitelist for environment variables. The environment variables LOGNAME and USER are treated
- specially. If only one of them is preserved from user's environment, the
+ specially. If one of them is preserved (or removed) from user's
+ environment, the other will be as well. If LOGNAME and USER are to be
+ preserved but only one of them is present in the user's environment, the
 other will be set to the same value. This avoids an inconsistent environment where one of the variables describing the user name is set to the invoking user and one is set to the target user. () are removed
@@ -2925,4 +2927,4 @@ DDIISSCCLLAAIIMMEERR
 file distributed with ssuuddoo or https://www.sudo.ws/license.html for complete details.
-Sudo 1.8.26 August 7, 2018 Sudo 1.8.26
+Sudo 1.8.26 September 24, 2018 Sudo 1.8.26
diff --git a/doc/sudoers.man.in b/doc/sudoers.man.in
index c9f75eba4..ca37eb334 100644
--- a/doc/sudoers.man.in
+++ b/doc/sudoers.man.in
@@ -20,7 +20,7 @@
 .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
 .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
 .\"
-.TH "SUDOERS" "5" "August 7, 2018" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
+.TH "SUDOERS" "5" "September 24, 2018" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
 .nh
 .if n .ad l
 .SH "NAME"
@@ -325,8 +325,14 @@ The environment variables
 and
 \fRUSER\fR
 are treated specially.
-If only one of them is preserved from user's environment, the other
-will be set to the same value.
+If one of them is preserved (or removed) from user's environment, the other
+will be as well.
+If
+\fRLOGNAME\fR
+and
+\fRUSER\fR
+are to be preserved but only one of them is present in the user's environment,
+the other will be set to the same value.
 This avoids an inconsistent environment where one of the variables describing the user name is set to the invoking user and one is set to the target user.
diff --git a/doc/sudoers.mdoc.in b/doc/sudoers.mdoc.in
index d9214ae48..c7e3fb0d2 100644
--- a/doc/sudoers.mdoc.in
+++ b/doc/sudoers.mdoc.in
@@ -19,7 +19,7 @@
 .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
 .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
 .\"
-.Dd August 7, 2018
+.Dd September 24, 2018
 .Dt SUDOERS @mansectform@
 .Os Sudo @PACKAGE_VERSION@
 .Sh NAME
@@ -315,8 +315,14 @@ The environment variables
 and
 .Ev USER
 are treated specially.
-If only one of them is preserved from user's environment, the other
-will be set to the same value.
+If one of them is preserved (or removed) from user's environment, the other
+will be as well.
+If
+.Ev LOGNAME
+and
+.Ev USER
+are to be preserved but only one of them is present in the user's environment,
+the other will be set to the same value.
 This avoids an inconsistent environment where one of the variables describing the user name is set to the invoking user and one is set to the target user.
diff --git a/plugins/sudoers/env.c b/plugins/sudoers/env.c
index f2a3b274f..b708761b4 100644
--- a/plugins/sudoers/env.c
+++ b/plugins/sudoers/env.c
@@ -578,11 +578,42 @@ static bool
 matches_env_list(const char *var, struct list_members *list, bool *full_match)
 {
 struct list_member *cur;
+ bool is_logname = false;
 debug_decl(matches_env_list, SUDOERS_DEBUG_ENV)
 
- SLIST_FOREACH(cur, list, entries) {
- if (matches_env_pattern(cur->value, var, full_match))
- debug_return_bool(true);
+ switch (*var) {
+ case 'L':
+ if (strncmp(var, "LOGNAME=", 8) == 0)
+ is_logname = true;
+#ifdef _AIX
+ else if (strncmp(var, "LOGIN=", 6) == 0)
+ is_logname = true;
+#endif
+ break;
+ case 'U':
+ if (strncmp(var, "USER=", 5) == 0)
+ is_logname = true;
+ break;
+ }
+
+ if (is_logname) {
+ /*
+ * We treat LOGIN, LOGNAME and USER specially.
+ * If one is preserved/deleted we want to preserve/delete them all.
+ */
+ SLIST_FOREACH(cur, list, entries) {
+ if (matches_env_pattern(cur->value, "LOGNAME", full_match) ||
+#ifdef _AIX
+ matches_env_pattern(cur->value, "LOGIN", full_match) ||
+#endif
+ matches_env_pattern(cur->value, "USER", full_match))
+ debug_return_bool(true);
+ }
+ } else {
+ SLIST_FOREACH(cur, list, entries) {
+ if (matches_env_pattern(cur->value, var, full_match))
+ debug_return_bool(true);
+ }
 }
 debug_return_bool(false);
 }
-- 
2.50.1
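Review bot: In the `is_logname` branch the list entries are matched against the bare names `"LOGNAME"`, `"LOGIN"` and `"USER"` instead of against `var`, so the variable's `=value` part is no longer passed to matches_env_pattern for these three variables; if a list entry may carry a value (which the `full_match` out-parameter suggests), an entry that used to match `LOGNAME=value` through the generic loop will not match here, and whether that is intended deserves a line in the block comment, e.g. `* Patterns are matched against the bare names, so a "VAR=value" entry does not apply to these three.` The `||` chain also leaves `*full_match` as set by whichever matches_env_pattern call ran last, which on a miss may be the `USER` comparison rather than the variable actually passed in — presumably harmless if the caller only reads it after a true return, but worth confirming. The `strncmp` lengths `8`, `6` and `5` would be self-checking as `sizeof("LOGNAME=") - 1` and friends, and the `switch` on `*var` could take a `default: break;` so a -Wswitch-default build stays quiet. The whole of matches_env_list is visible in the hunk.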