Package: sudo
Version: 1.6.8p7-1.3
Followup-For: Bug #349587

This bug is actually a bit more far sweeping. The patch made in the
security advisory DSA 946-1 was not thought out at all. All of the
mechanisms to provide the workaround functionality put in place were
already in place. env_reset just needed to have the LC_* variables added
to it and possibly be turned on by default. This change in 1.3 causes
all sorts of unintended breakage of automated systems which use sudo.
In fact, explicitly setting env_keep+="HOME" is broken without first
setting env_reset (even though the basic functionality is in place due
to the patch). Just simply using env_keep+="HOME" will not even
function. At the very least this should be documented if not completely
reversed and re-thought out.


-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-16-dobbs-1
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages sudo depends on:
ii  libc6                       2.3.2.ds1-22 GNU C Library: Shared libraries an
ii  libpam-modules              0.76-22      Pluggable Authentication Modules f
ii  libpam0g                    0.76-22      Pluggable Authentication Modules l

-- no debconf information

