Bring back the "secure_path" Defaults option now that Defaults take

effect before the path is searched.
2025-08-31 06:15:37 +00:00 · 2004-11-12 16:19:19 +00:00
parent 541908f1bd
commit a768dbc34f
11 changed files with 254 additions and 216 deletions
--- a/env.c
+++ b/env.c
@@ -467,10 +467,9 @@ rebuild_env(envp, sudo_mode, noexec)
    if (!ISSET(didvar, DID_PATH))
 	insert_env(format_env("PATH", _PATH_DEFPATH, VNULL), 0);

-#ifdef SECURE_PATH
    /* Replace the PATH envariable with a secure one. */
-    insert_env(format_env("PATH", SECURE_PATH, VNULL), 1);
-#endif
+    if (def_secure_path && !user_is_exempt())
+	insert_env(format_env("PATH", def_secure_path, VNULL), 1);

    /* Set $USER and $LOGNAME to target if "set_logname" is true. */
    if (def_set_logname && runas_pw->pw_name) {