** Description changed: Currently Ubuntu hard-coded sudo to preserve HOME environment variable to point to sudo caller's home directory by default(refer bug #760140) however this is dangerous and error-prone because the program run by root may write files (e.g. $HOME/.Xauthority , program config files) into the HOME directory **AS ROOT** which, will cause issue when users run the same program as themselves and even make the user failed to login(due to .Xauthority file owner is incorrect) - In my opinion the Ubuntu patch that make $HOME variable keep in sudo is - INSANE and should be reverted(Ubuntu should use the safest configuration - to general users by default), any user wish to run command as root using - their HOME directory should set env_keep in /etc/sudoers themselves and - acknowledging the consequences. + In my opinion the Ubuntu patch(keep_home_by_default.patch) that make + $HOME variable keep in sudo is INSANE and should be reverted(Ubuntu + should use the safest configuration to general users by default), any + user wish to run command as root using their HOME directory should set + env_keep in /etc/sudoers themselves and acknowledging the consequences. RootSudo - Community Help Wiki(https://help.ubuntu.com/community/RootSudo ) wrongly tells that graphical application shouldn't be launch by sudo, but in fact the real issue falls into this bug. ProblemType: Bug DistroRelease: Ubuntu 14.04 Package: sudo 1.8.9p5-1ubuntu1 ProcVersionSignature: Ubuntu 3.16.0-17.23-lowlatency 3.16.3 Uname: Linux 3.16.0-17-lowlatency i686 ApportVersion: 2.14.1-0ubuntu3.4 Architecture: i386 CurrentDesktop: KDE Date: Thu Sep 25 00:08:44 2014 InstallationDate: Installed on 2013-03-08 (564 days ago) InstallationMedia: Ubuntu 12.10 "Quantal Quetzal" - Release i386 (20121017.2) SourcePackage: sudo UpgradeStatus: Upgraded to trusty on 2014-04-19 (158 days ago) VisudoCheck: /etc/sudoers: parsed OK /etc/sudoers.d/Preserve_input_method_required_environmental_variables: parsed OK /etc/sudoers.d/README: parsed OK modified.conffile..etc.sudoers.d.README: [modified] mtime.conffile..etc.sudoers.d.README: 2014-09-24T22:26:35.734703
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1373495 Title: sudo shouldn't preserve caller's HOME environment variable by default To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1373495/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
