mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-08-28 21:07:55 +00:00
Code Issues Releases Wiki Activity

If env_reset is enabled, set the MAIL environment variable based

Browse Source 
on the target user unless MAIL is explicitly preserved in sudoers.
This commit is contained in:
Todd C. Miller 2010-07-19 12:50:59 -04:00
parent 0f3c1b5903
commit 69ecb34581
13 changed files with 209 additions and 73 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
WHATSNEW
View File

@ -42,6 +42,10 @@ What's new in Sudo 1.7.4?
more than 32 descriptors on SuSE Linux, where sysconf(_SC_CHILD_MAX) more than 32 descriptors on SuSE Linux, where sysconf(_SC_CHILD_MAX)
will return -1 when RLIMIT_NPROC is set to RLIMIT_UNLIMITED (-1). will return -1 when RLIMIT_NPROC is set to RLIMIT_UNLIMITED (-1).
* If env_reset is enabled in sudoers (the default), sudo will now set
the MAIL environment variable based on the target user unless MAIL is
explicitly preserved in sudoers. Previously MAIL was passed unchanged.
What's new in Sudo 1.7.3? What's new in Sudo 1.7.3?
* Support for logging I/O for the command being run. * Support for logging I/O for the command being run.

35
aclocal.m4 vendored
View File

@ -109,7 +109,7 @@ if test -z "$timedir"; then
for d in /var/db /var/lib /var/adm /usr/adm; do for d in /var/db /var/lib /var/adm /usr/adm; do
if test -d "$d"; then if test -d "$d"; then
timedir="$d/sudo" timedir="$d/sudo"
break; break
fi fi
done done
fi fi
@ -327,6 +327,39 @@ AC_DEFUN(SUDO_APPEND_LIBPATH, [
fi fi
]) ])
dnl
dnl Determine the mail spool location
dnl NOTE: must be run *after* check for paths.h
dnl
AC_DEFUN(SUDO_MAILDIR, [
maildir=no
if test X"$ac_cv_header_paths_h" = X"yes"; then
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([AC_INCLUDES_DEFAULT
#include <paths.h>
int main() {char *p = _PATH_MAILDIR;}], [])], [maildir=yes], [])
fi
if test $maildir = no; then
# Solaris has maillock.h which defines MAILDIR
AC_CHECK_HEADERS(maillock.h, [
SUDO_DEFINE(_PATH_MAILDIR, MAILDIR)
maildir=yes
])
if test $maildir = no; then
for d in /var/mail /var/spool/mail /usr/spool/mail; do
if test -d "$d"; then
maildir=yes
SUDO_DEFINE_UNQUOTED(_PATH_MAILDIR, "$d")
break
fi
done
if test $maildir = no; then
# unable to find mail dir, hope for the best
SUDO_DEFINE_UNQUOTED(_PATH_MAILDIR, "/var/mail")
fi
fi
fi
])
dnl dnl
dnl private versions of AC_DEFINE and AC_DEFINE_UNQUOTED that don't support dnl private versions of AC_DEFINE and AC_DEFINE_UNQUOTED that don't support
dnl tracing that we use to define paths for pathnames.h so autoheader doesn't dnl tracing that we use to define paths for pathnames.h so autoheader doesn't

3
config.h.in
View File

@ -316,6 +316,9 @@
/* Define to 1 if you have the `lrand48' function. */ /* Define to 1 if you have the `lrand48' function. */
#undef HAVE_LRAND48 #undef HAVE_LRAND48
/* Define to 1 if you have the <maillock.h> header file. */
#undef HAVE_MAILLOCK_H
/* Define to 1 if you have the <malloc.h> header file. */ /* Define to 1 if you have the <malloc.h> header file. */
#undef HAVE_MALLOC_H #undef HAVE_MALLOC_H

64
configure vendored
View File

@ -13845,6 +13845,68 @@ $as_echo "$ac_cv_sys_posix_termios" >&6; }
if test "$ac_cv_sys_posix_termios" != "yes"; then if test "$ac_cv_sys_posix_termios" != "yes"; then
as_fn_error "Must have POSIX termios to build sudo" "$LINENO" 5 as_fn_error "Must have POSIX termios to build sudo" "$LINENO" 5
fi fi
maildir=no
if test X"$ac_cv_header_paths_h" = X"yes"; then
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
$ac_includes_default
#include <paths.h>
int main() {char *p = _PATH_MAILDIR;}
int
main ()
{
;
return 0;
}
_ACEOF
if ac_fn_c_try_compile "$LINENO"; then :
maildir=yes
fi
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
fi
if test $maildir = no; then
# Solaris has maillock.h which defines MAILDIR
for ac_header in maillock.h
do :
ac_fn_c_check_header_mongrel "$LINENO" "maillock.h" "ac_cv_header_maillock_h" "$ac_includes_default"
if test "x$ac_cv_header_maillock_h" = x""yes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE_MAILLOCK_H 1
_ACEOF
cat >>confdefs.h <<\EOF
#define _PATH_MAILDIR MAILDIR
EOF
maildir=yes
fi
done
if test $maildir = no; then
for d in /var/mail /var/spool/mail /usr/spool/mail; do
if test -d "$d"; then
maildir=yes
cat >>confdefs.h <<EOF
#define _PATH_MAILDIR "$d"
EOF
break
fi
done
if test $maildir = no; then
# unable to find mail dir, hope for the best
cat >>confdefs.h <<EOF
#define _PATH_MAILDIR "/var/mail"
EOF
fi
fi
fi
if test ${with_logincap-'no'} != "no"; then if test ${with_logincap-'no'} != "no"; then
for ac_header in login_cap.h for ac_header in login_cap.h
do : do :
@ -17854,7 +17916,7 @@ if test -z "$timedir"; then
for d in /var/db /var/lib /var/adm /usr/adm; do for d in /var/db /var/lib /var/adm /usr/adm; do
if test -d "$d"; then if test -d "$d"; then
timedir="$d/sudo" timedir="$d/sudo"
break; break
fi fi
done done
fi fi

1
configure.in
View File

@ -1866,6 +1866,7 @@ AC_SYS_POSIX_TERMIOS
if test "$ac_cv_sys_posix_termios" != "yes"; then if test "$ac_cv_sys_posix_termios" != "yes"; then
AC_MSG_ERROR([Must have POSIX termios to build sudo]) AC_MSG_ERROR([Must have POSIX termios to build sudo])
fi fi
SUDO_MAILDIR
if test ${with_logincap-'no'} != "no"; then if test ${with_logincap-'no'} != "no"; then
AC_CHECK_HEADERS(login_cap.h, [LOGINCAP_USAGE='[[-c class|-]] '; LCMAN=1 AC_CHECK_HEADERS(login_cap.h, [LOGINCAP_USAGE='[[-c class|-]] '; LCMAN=1
case "$OS" in case "$OS" in

42
doc/sudo.cat
View File

@ -61,7 +61,7 @@ DDEESSCCRRIIPPTTIIOONN
1.8.0b1 July 1, 2010 1 1.8.0b1 July 19, 2010 1
@ -127,7 +127,7 @@ OOPPTTIIOONNSS
1.8.0b1 July 1, 2010 2 1.8.0b1 July 19, 2010 2
@ -193,7 +193,7 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
1.8.0b1 July 1, 2010 3 1.8.0b1 July 19, 2010 3
@ -259,7 +259,7 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
1.8.0b1 July 1, 2010 4 1.8.0b1 July 19, 2010 4
@ -325,7 +325,7 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
1.8.0b1 July 1, 2010 5 1.8.0b1 July 19, 2010 5
@ -391,7 +391,7 @@ PPLLUUGGIINNSS
1.8.0b1 July 1, 2010 6 1.8.0b1 July 19, 2010 6
@ -457,7 +457,7 @@ SSEECCUURRIITTYY NNOOTTEESS
1.8.0b1 July 1, 2010 7 1.8.0b1 July 19, 2010 7
@ -481,6 +481,9 @@ EENNVVIIRROONNMMEENNTT
EDITOR Default editor to use in --ee (sudoedit) mode if neither EDITOR Default editor to use in --ee (sudoedit) mode if neither
SUDO_EDITOR nor VISUAL is set SUDO_EDITOR nor VISUAL is set
MAIL In --ii mode or when _e_n_v___r_e_s_e_t is enabled in _s_u_d_o_e_r_s, set
to the mail spool of the target user
HOME In --ii, --ss or --HH mode (or if sudo was configured with HOME In --ii, --ss or --HH mode (or if sudo was configured with
the --enable-shell-sets-home option), set to homedir of the --enable-shell-sets-home option), set to homedir of
the target user the target user
@ -517,13 +520,10 @@ EENNVVIIRROONNMMEENNTT
FFIILLEESS FFIILLEESS
_/_e_t_c_/_s_u_d_o_._c_o_n_f ssuuddoo plugin and path configuration _/_e_t_c_/_s_u_d_o_._c_o_n_f ssuuddoo plugin and path configuration
EEXXAAMMPPLLEESS
Note: the following examples assume a properly configured security
policy.
1.8.0b1 July 1, 2010 8 1.8.0b1 July 19, 2010 8
@ -532,6 +532,10 @@ EEXXAAMMPPLLEESS
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
EEXXAAMMPPLLEESS
Note: the following examples assume a properly configured security
policy.
To get a file listing of an unreadable directory: To get a file listing of an unreadable directory:
$ sudo ls /usr/local/protected $ sudo ls /usr/local/protected
@ -582,14 +586,10 @@ CCAAVVEEAATTSS
programs (such as editors) allow the user to run commands via shell programs (such as editors) allow the user to run commands via shell
escapes, thus avoiding ssuuddoo's checks. However, on most systems it is escapes, thus avoiding ssuuddoo's checks. However, on most systems it is
possible to prevent shell escapes with the _s_u_d_o_e_r_s(4) module's _n_o_e_x_e_c possible to prevent shell escapes with the _s_u_d_o_e_r_s(4) module's _n_o_e_x_e_c
functionality.
It is not meaningful to run the cd command directly via sudo, e.g.,
1.8.0b1 July 19, 2010 9
1.8.0b1 July 1, 2010 9
@ -598,6 +598,10 @@ CCAAVVEEAATTSS
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
functionality.
It is not meaningful to run the cd command directly via sudo, e.g.,
$ sudo cd /usr/local/protected $ sudo cd /usr/local/protected
since when the command exits the parent process (your shell) will still since when the command exits the parent process (your shell) will still
@ -651,10 +655,6 @@ DDIISSCCLLAAIIMMEERR
1.8.0b1 July 19, 2010 10
1.8.0b1 July 1, 2010 10

7
doc/sudo.man.in
View File

@ -149,7 +149,7 @@
.\" ======================================================================== .\" ========================================================================
.\" .\"
.IX Title "SUDO @mansectsu@" .IX Title "SUDO @mansectsu@"
.TH SUDO @mansectsu@ "July 1, 2010" "1.8.0b1" "MAINTENANCE COMMANDS" .TH SUDO @mansectsu@ "July 19, 2010" "1.8.0b1" "MAINTENANCE COMMANDS"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents. .\" way too many mistakes in technical documents.
.if n .ad l .if n .ad l
@ -597,6 +597,11 @@ policy has control over the content of the command's environment.
.IX Item "EDITOR" .IX Item "EDITOR"
Default editor to use in \fB\-e\fR (sudoedit) mode if neither \f(CW\*(C`SUDO_EDITOR\*(C'\fR Default editor to use in \fB\-e\fR (sudoedit) mode if neither \f(CW\*(C`SUDO_EDITOR\*(C'\fR
nor \f(CW\*(C`VISUAL\*(C'\fR is set nor \f(CW\*(C`VISUAL\*(C'\fR is set
.ie n .IP "\*(C`MAIL\*(C'" 16
.el .IP "\f(CW\*(C`MAIL\*(C'\fR" 16
.IX Item "MAIL"
In \fB\-i\fR mode or when \fIenv_reset\fR is enabled in \fIsudoers\fR, set
to the mail spool of the target user
.ie n .IP "\*(C`HOME\*(C'" 16 .ie n .IP "\*(C`HOME\*(C'" 16
.el .IP "\f(CW\*(C`HOME\*(C'\fR" 16 .el .IP "\f(CW\*(C`HOME\*(C'\fR" 16
.IX Item "HOME" .IX Item "HOME"

5
doc/sudo.pod
View File

@ -498,6 +498,11 @@ policy has control over the content of the command's environment.
Default editor to use in B<-e> (sudoedit) mode if neither C<SUDO_EDITOR> Default editor to use in B<-e> (sudoedit) mode if neither C<SUDO_EDITOR>
nor C<VISUAL> is set nor C<VISUAL> is set
=item C<MAIL>
In B<-i> mode or when I<env_reset> is enabled in I<sudoers>, set
to the mail spool of the target user
=item C<HOME> =item C<HOME>
In B<-i>, B<-s> or B<-H> mode (or if sudo was configured with the In B<-i>, B<-s> or B<-H> mode (or if sudo was configured with the

70
doc/sudoers.cat
View File

@ -61,7 +61,7 @@ DDEESSCCRRIIPPTTIIOONN
1.8.0b1 July 16, 2010 1 1.8.0b1 July 19, 2010 1
@ -80,9 +80,9 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
By default, the _e_n_v___r_e_s_e_t option is enabled. This causes commands to By default, the _e_n_v___r_e_s_e_t option is enabled. This causes commands to
be executed with a minimal environment containing TERM, PATH, HOME, be executed with a minimal environment containing TERM, PATH, HOME,
SHELL, LOGNAME, USER and USERNAME in addition to variables from the MAIL, SHELL, LOGNAME, USER and USERNAME in addition to variables from
invoking process permitted by the _e_n_v___c_h_e_c_k and _e_n_v___k_e_e_p options. This the invoking process permitted by the _e_n_v___c_h_e_c_k and _e_n_v___k_e_e_p options.
is effectively a whitelist for environment variables. This is effectively a whitelist for environment variables.
If, however, the _e_n_v___r_e_s_e_t option is disabled, any variables not If, however, the _e_n_v___r_e_s_e_t option is disabled, any variables not
explicitly denied by the _e_n_v___c_h_e_c_k and _e_n_v___d_e_l_e_t_e options are inherited explicitly denied by the _e_n_v___c_h_e_c_k and _e_n_v___d_e_l_e_t_e options are inherited
@ -107,8 +107,8 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
As a special case, If ssuuddoo's --ii option (initial login) is specified, As a special case, If ssuuddoo's --ii option (initial login) is specified,
_s_u_d_o_e_r_s will initialize the environment regardless of the value of _s_u_d_o_e_r_s will initialize the environment regardless of the value of
_e_n_v___r_e_s_e_t. The _D_I_S_P_L_A_Y, _P_A_T_H and _T_E_R_M variables remain unchanged; _e_n_v___r_e_s_e_t. The _D_I_S_P_L_A_Y, _P_A_T_H and _T_E_R_M variables remain unchanged;
_H_O_M_E, _S_H_E_L_L, _U_S_E_R, and _L_O_G_N_A_M_E are set based on the target user. On _H_O_M_E, _M_A_I_L, _S_H_E_L_L, _U_S_E_R, and _L_O_G_N_A_M_E are set based on the target user.
Linux and AIX systems the contents of _/_e_t_c_/_e_n_v_i_r_o_n_m_e_n_t are also On Linux and AIX systems the contents of _/_e_t_c_/_e_n_v_i_r_o_n_m_e_n_t are also
included. All other environment variables are removed. included. All other environment variables are removed.
SSUUDDOOEERRSS FFIILLEE FFOORRMMAATT SSUUDDOOEERRSS FFIILLEE FFOORRMMAATT
@ -127,7 +127,7 @@ SSUUDDOOEERRSS FFIILLEE FFOORRMMAATT
1.8.0b1 July 16, 2010 2 1.8.0b1 July 19, 2010 2
@ -193,7 +193,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 16, 2010 3 1.8.0b1 July 19, 2010 3
@ -259,7 +259,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 16, 2010 4 1.8.0b1 July 19, 2010 4
@ -325,7 +325,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 16, 2010 5 1.8.0b1 July 19, 2010 5
@ -391,7 +391,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 16, 2010 6 1.8.0b1 July 19, 2010 6
@ -457,7 +457,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 16, 2010 7 1.8.0b1 July 19, 2010 7
@ -523,7 +523,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 16, 2010 8 1.8.0b1 July 19, 2010 8
@ -589,7 +589,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 16, 2010 9 1.8.0b1 July 19, 2010 9
@ -655,7 +655,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 16, 2010 10 1.8.0b1 July 19, 2010 10
@ -721,7 +721,7 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS
1.8.0b1 July 16, 2010 11 1.8.0b1 July 19, 2010 11
@ -752,7 +752,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
specified in editor. This flag is _o_f_f by default. specified in editor. This flag is _o_f_f by default.
env_reset If set, ssuuddoo will reset the environment to only contain env_reset If set, ssuuddoo will reset the environment to only contain
the LOGNAME, SHELL, USER, USERNAME and the SUDO_* the LOGNAME, MAIL, SHELL, USER, USERNAME and the SUDO_*
variables. Any variables in the caller's environment variables. Any variables in the caller's environment
that match the env_keep and env_check lists are then that match the env_keep and env_check lists are then
added. The default contents of the env_keep and added. The default contents of the env_keep and
@ -787,7 +787,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 16, 2010 12 1.8.0b1 July 19, 2010 12
@ -853,7 +853,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 16, 2010 13 1.8.0b1 July 19, 2010 13
@ -919,7 +919,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 16, 2010 14 1.8.0b1 July 19, 2010 14
@ -985,7 +985,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 16, 2010 15 1.8.0b1 July 19, 2010 15
@ -1051,7 +1051,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 16, 2010 16 1.8.0b1 July 19, 2010 16
@ -1117,7 +1117,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 16, 2010 17 1.8.0b1 July 19, 2010 17
@ -1183,7 +1183,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 16, 2010 18 1.8.0b1 July 19, 2010 18
@ -1249,7 +1249,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 16, 2010 19 1.8.0b1 July 19, 2010 19
@ -1315,7 +1315,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 16, 2010 20 1.8.0b1 July 19, 2010 20
@ -1381,7 +1381,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 16, 2010 21 1.8.0b1 July 19, 2010 21
@ -1447,7 +1447,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 16, 2010 22 1.8.0b1 July 19, 2010 22
@ -1513,7 +1513,7 @@ EEXXAAMMPPLLEESS
1.8.0b1 July 16, 2010 23 1.8.0b1 July 19, 2010 23
@ -1579,7 +1579,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 16, 2010 24 1.8.0b1 July 19, 2010 24
@ -1645,7 +1645,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 16, 2010 25 1.8.0b1 July 19, 2010 25
@ -1711,7 +1711,7 @@ SSEECCUURRIITTYY NNOOTTEESS
1.8.0b1 July 16, 2010 26 1.8.0b1 July 19, 2010 26
@ -1777,7 +1777,7 @@ PPRREEVVEENNTTIINNGG SSHHEELLLL EESSCCAAPPEESS
1.8.0b1 July 16, 2010 27 1.8.0b1 July 19, 2010 27
@ -1843,7 +1843,7 @@ SSEECCUURRIITTYY NNOOTTEESS
1.8.0b1 July 16, 2010 28 1.8.0b1 July 19, 2010 28
@ -1909,6 +1909,6 @@ DDIISSCCLLAAIIMMEERR
1.8.0b1 July 16, 2010 29 1.8.0b1 July 19, 2010 29

14
doc/sudoers.man.in
View File

@ -148,7 +148,7 @@
.\" ======================================================================== .\" ========================================================================
.\" .\"
.IX Title "SUDOERS @mansectform@" .IX Title "SUDOERS @mansectform@"
.TH SUDOERS @mansectform@ "July 16, 2010" "1.8.0b1" "MAINTENANCE COMMANDS" .TH SUDOERS @mansectform@ "July 19, 2010" "1.8.0b1" "MAINTENANCE COMMANDS"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents. .\" way too many mistakes in technical documents.
.if n .ad l .if n .ad l
@ -219,7 +219,7 @@ distinct ways \fIsudoers\fR can deal with environment variables.
.PP .PP
By default, the \fIenv_reset\fR option is enabled. This causes commands By default, the \fIenv_reset\fR option is enabled. This causes commands
to be executed with a minimal environment containing \f(CW\*(C`TERM\*(C'\fR, to be executed with a minimal environment containing \f(CW\*(C`TERM\*(C'\fR,
\&\f(CW\*(C`PATH\*(C'\fR, \f(CW\*(C`HOME\*(C'\fR, \f(CW\*(C`SHELL\*(C'\fR, \f(CW\*(C`LOGNAME\*(C'\fR, \f(CW\*(C`USER\*(C'\fR and \f(CW\*(C`USERNAME\*(C'\fR in \&\f(CW\*(C`PATH\*(C'\fR, \f(CW\*(C`HOME\*(C'\fR, \f(CW\*(C`MAIL\*(C'\fR, \f(CW\*(C`SHELL\*(C'\fR, \f(CW\*(C`LOGNAME\*(C'\fR, \f(CW\*(C`USER\*(C'\fR and \f(CW\*(C`USERNAME\*(C'\fR in
addition to variables from the invoking process permitted by the addition to variables from the invoking process permitted by the
\&\fIenv_check\fR and \fIenv_keep\fR options. This is effectively a whitelist \&\fIenv_check\fR and \fIenv_keep\fR options. This is effectively a whitelist
for environment variables. for environment variables.
@ -247,10 +247,10 @@ and, as such, it is not possible for \fBsudo\fR to preserve them.
As a special case, If \fBsudo\fR's \fB\-i\fR option (initial login) is As a special case, If \fBsudo\fR's \fB\-i\fR option (initial login) is
specified, \fIsudoers\fR will initialize the environment regardless specified, \fIsudoers\fR will initialize the environment regardless
of the value of \fIenv_reset\fR. The \fI\s-1DISPLAY\s0\fR, \fI\s-1PATH\s0\fR and \fI\s-1TERM\s0\fR of the value of \fIenv_reset\fR. The \fI\s-1DISPLAY\s0\fR, \fI\s-1PATH\s0\fR and \fI\s-1TERM\s0\fR
variables remain unchanged; \fI\s-1HOME\s0\fR, \fI\s-1SHELL\s0\fR, \fI\s-1USER\s0\fR, and \fI\s-1LOGNAME\s0\fR variables remain unchanged; \fI\s-1HOME\s0\fR, \fI\s-1MAIL\s0\fR, \fI\s-1SHELL\s0\fR, \fI\s-1USER\s0\fR,
are set based on the target user. On Linux and \s-1AIX\s0 systems the and \fI\s-1LOGNAME\s0\fR are set based on the target user. On Linux and \s-1AIX\s0
contents of \fI/etc/environment\fR are also included. All other systems the contents of \fI/etc/environment\fR are also included. All
environment variables are removed. other environment variables are removed.
.SH "SUDOERS FILE FORMAT" .SH "SUDOERS FILE FORMAT"
.IX Header "SUDOERS FILE FORMAT" .IX Header "SUDOERS FILE FORMAT"
The \fIsudoers\fR file is composed of two types of entries: aliases The \fIsudoers\fR file is composed of two types of entries: aliases
@ -861,7 +861,7 @@ default.
.IP "env_reset" 16 .IP "env_reset" 16
.IX Item "env_reset" .IX Item "env_reset"
If set, \fBsudo\fR will reset the environment to only contain the If set, \fBsudo\fR will reset the environment to only contain the
\&\s-1LOGNAME\s0, \s-1SHELL\s0, \s-1USER\s0, \s-1USERNAME\s0 and the \f(CW\*(C`SUDO_*\*(C'\fR variables. Any \&\s-1LOGNAME\s0, \s-1MAIL\s0, \s-1SHELL\s0, \s-1USER\s0, \s-1USERNAME\s0 and the \f(CW\*(C`SUDO_*\*(C'\fR variables. Any
variables in the caller's environment that match the \f(CW\*(C`env_keep\*(C'\fR variables in the caller's environment that match the \f(CW\*(C`env_keep\*(C'\fR
and \f(CW\*(C`env_check\*(C'\fR lists are then added. The default contents of the and \f(CW\*(C`env_check\*(C'\fR lists are then added. The default contents of the
\&\f(CW\*(C`env_keep\*(C'\fR and \f(CW\*(C`env_check\*(C'\fR lists are displayed when \fBsudo\fR is \&\f(CW\*(C`env_keep\*(C'\fR and \f(CW\*(C`env_check\*(C'\fR lists are displayed when \fBsudo\fR is

12
doc/sudoers.pod
View File

@ -90,7 +90,7 @@ distinct ways I<sudoers> can deal with environment variables.
By default, the I<env_reset> option is enabled. This causes commands By default, the I<env_reset> option is enabled. This causes commands
to be executed with a minimal environment containing C<TERM>, to be executed with a minimal environment containing C<TERM>,
C<PATH>, C<HOME>, C<SHELL>, C<LOGNAME>, C<USER> and C<USERNAME> in C<PATH>, C<HOME>, C<MAIL>, C<SHELL>, C<LOGNAME>, C<USER> and C<USERNAME> in
addition to variables from the invoking process permitted by the addition to variables from the invoking process permitted by the
I<env_check> and I<env_keep> options. This is effectively a whitelist I<env_check> and I<env_keep> options. This is effectively a whitelist
for environment variables. for environment variables.
@ -118,10 +118,10 @@ and, as such, it is not possible for B<sudo> to preserve them.
As a special case, If B<sudo>'s B<-i> option (initial login) is As a special case, If B<sudo>'s B<-i> option (initial login) is
specified, I<sudoers> will initialize the environment regardless specified, I<sudoers> will initialize the environment regardless
of the value of I<env_reset>. The I<DISPLAY>, I<PATH> and I<TERM> of the value of I<env_reset>. The I<DISPLAY>, I<PATH> and I<TERM>
variables remain unchanged; I<HOME>, I<SHELL>, I<USER>, and I<LOGNAME> variables remain unchanged; I<HOME>, I<MAIL>, I<SHELL>, I<USER>,
are set based on the target user. On Linux and AIX systems the and I<LOGNAME> are set based on the target user. On Linux and AIX
contents of F</etc/environment> are also included. All other systems the contents of F</etc/environment> are also included. All
environment variables are removed. other environment variables are removed.
=head1 SUDOERS FILE FORMAT =head1 SUDOERS FILE FORMAT
@ -727,7 +727,7 @@ default.
=item env_reset =item env_reset
If set, B<sudo> will reset the environment to only contain the If set, B<sudo> will reset the environment to only contain the
LOGNAME, SHELL, USER, USERNAME and the C<SUDO_*> variables. Any LOGNAME, MAIL, SHELL, USER, USERNAME and the C<SUDO_*> variables. Any
variables in the caller's environment that match the C<env_keep> variables in the caller's environment that match the C<env_keep>
and C<env_check> lists are then added. The default contents of the and C<env_check> lists are then added. The default contents of the
C<env_keep> and C<env_check> lists are displayed when B<sudo> is C<env_keep> and C<env_check> lists are displayed when B<sudo> is

4
pathnames.h.in
View File

@ -133,6 +133,10 @@
#define _PATH_USRTMP "/usr/tmp/" #define _PATH_USRTMP "/usr/tmp/"
#endif /* _PATH_USRTMP */ #endif /* _PATH_USRTMP */
#ifndef _PATH_MAILDIR
#undef _PATH_MAILDIR
#endif /* _PATH_MAILDIR */
#ifndef _PATH_SUDO_SESH #ifndef _PATH_SUDO_SESH
#undef _PATH_SUDO_SESH #undef _PATH_SUDO_SESH
#endif /* _PATH_SUDO_SESH */ #endif /* _PATH_SUDO_SESH */

21
plugins/sudoers/env.c
View File

@ -65,6 +65,8 @@
#define DID_USER 0x0020 #define DID_USER 0x0020
#undef DID_USERNAME #undef DID_USERNAME
#define DID_USERNAME 0x0040 #define DID_USERNAME 0x0040
#undef DID_MAIL
#define DID_MAIL 0x0080
#undef DID_MAX #undef DID_MAX
#define DID_MAX 0x00ff #define DID_MAX 0x00ff
@ -82,6 +84,8 @@
#define KEPT_USER 0x2000 #define KEPT_USER 0x2000
#undef KEPT_USERNAME #undef KEPT_USERNAME
#define KEPT_USERNAME 0x4000 #define KEPT_USERNAME 0x4000
#undef KEPT_MAIL
#define KEPT_MAIL 0x8000
#undef KEPT_MAX #undef KEPT_MAX
#define KEPT_MAX 0xff00 #define KEPT_MAX 0xff00
@ -192,7 +196,6 @@ static const char *initial_keepenv_table[] = {
"HOSTNAME", "HOSTNAME",
"KRB5CCNAME", "KRB5CCNAME",
"LS_COLORS", "LS_COLORS",
"MAIL",
"PATH", "PATH",
"PS1", "PS1",
"PS2", "PS2",
@ -460,6 +463,10 @@ rebuild_env(int noexec)
if (strncmp(*ep, "LOGNAME=", 8) == 0) if (strncmp(*ep, "LOGNAME=", 8) == 0)
SET(didvar, DID_LOGNAME); SET(didvar, DID_LOGNAME);
break; break;
case 'M':
if (strncmp(*ep, "MAIL=", 5) == 0)
SET(didvar, DID_MAIL);
break;
case 'P': case 'P':
if (strncmp(*ep, "PATH=", 5) == 0) if (strncmp(*ep, "PATH=", 5) == 0)
SET(didvar, DID_PATH); SET(didvar, DID_PATH);
@ -509,6 +516,18 @@ rebuild_env(int noexec)
if (!ISSET(didvar, DID_USERNAME)) if (!ISSET(didvar, DID_USERNAME))
sudo_setenv("USERNAME", user_name, FALSE); sudo_setenv("USERNAME", user_name, FALSE);
} }
/*
* Set MAIL to target user in -i mode or if MAIL is not preserved
* from user's environment.
*/
if (ISSET(sudo_mode, MODE_LOGIN_SHELL) || !ISSET(didvar, KEPT_MAIL)) {
cp = _PATH_MAILDIR;
if (cp[sizeof(_PATH_MAILDIR) - 2] == '/')
easprintf(&cp, "MAIL=%s%s", _PATH_MAILDIR, runas_pw->pw_name);
else
easprintf(&cp, "MAIL=%s/%s", _PATH_MAILDIR, runas_pw->pw_name);
sudo_putenv(cp, ISSET(didvar, DID_MAIL), TRUE);
}
} else { } else {
/* /*
* Copy environ entries as long as they don't match env_delete or * Copy environ entries as long as they don't match env_delete or