Apologies for resubmission; I've just found this bug report. I'd like to
add my voice to the requests that this be re-evaluated. In particular,
"env_check" does not suffice.
See below:
From: Jan Grant <[EMAIL PROTECTED]>
Subject: sudo update to 1.6.8p7-1.3 breaks scripts: is this the permanent fix?
I'm looking at this:
http://www.debian.org/security/2006/dsa-946
I'm afraid I was just bitten by this. Sudo no longer conforms to the
behaviour described in its man pages: in particular, I don't mind if my
environment is stripped away from me but I'd expect that env_keep would
carry on working, or that I'd be able to supply "!env_reset" to avoid
the sanitisation in specific cases.
The issue I'm facing is that I have a large collection of scripts that
rely on sudo, and need environment variables passing through from caller
to callee. Unfortunately, the format of those variables' content
includes "/" characters - this is unavoidable. Alas, env_keep, etc, no
longer work as described.
I'm currently working around this by holding my sudo at 1.6.8p7-1.2;
however, I'd prefer to be able to track it normally.
Are the future plans for sudo to include this rather draconian "fix"? Is
this coming from upstream? (In which case I'll chase it with the
upstream supplier.) Otherwise I'd plead that the changes to sudo be
relaxed somewhat.
Many thanks for your excellent efforts.
Cheers,
jan
--
jan grant, ISYS, University of Bristol. http://www.bris.ac.uk/
Tel +44 (0)117 3317661 http://ioctl.org/jan/
The Java disclaimer: values of 'anywhere' may vary between regions.