Brian May <br...@microcomaustralia.com.au> writes: > I thought sudo was suppose to be ok, sure doesn't look ok to me.
> brian@aquitard:~$ sudo echo='() { /bin/echo bar; }' bash > root@aquitard:/home/brian# echo hello > bar I think you have that backwards, don't you? Shouldn't that be: echo='() { /bin/echo bar; }' sudo bash if you're testing whether sudo sanitizes the environment? I believe the syntax that you're using runs the command: echo='() { /bin/echo bar; }' bash under sudo. If you have all-command sudo privileges, you can indeed run whatever you want via sudo, including commands that set various interesting environment variables. :) sudo should stop you from doing things like this unless you've explicitly told sudo to allow the client to set any environment variable. -- Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87a95np1zi....@hope.eyrie.org