From bab4f2ce71e2afc9abbfc49afa7050c2c961593f Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@courtesan.com>
Date: Wed, 28 Mar 2012 14:10:18 -0400
Subject: [PATCH] regen

---
 doc/sudo_plugin.cat    |  2 +-
 doc/sudo_plugin.man.in |  2 +-
 doc/sudoers.cat        | 32 ++++++++++++++++++++------------
 doc/sudoers.man.in     | 32 ++++++++++++++++++++------------
 4 files changed, 42 insertions(+), 26 deletions(-)

diff --git a/doc/sudo_plugin.cat b/doc/sudo_plugin.cat
index 5ca98e1c9..3b8c9f4e2 100644
--- a/doc/sudo_plugin.cat
+++ b/doc/sudo_plugin.cat
@@ -1325,4 +1325,4 @@ DDIISSCCLLAAIIMMEERR
 
 
 
-1.8.5b2                         March 16, 2012                 SUDO_PLUGIN(1m)
+1.8.5                           March 28, 2012                 SUDO_PLUGIN(1m)
diff --git a/doc/sudo_plugin.man.in b/doc/sudo_plugin.man.in
index af2ac6177..a6f489c0d 100644
--- a/doc/sudo_plugin.man.in
+++ b/doc/sudo_plugin.man.in
@@ -139,7 +139,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SUDO_PLUGIN @mansectsu@"
-.TH SUDO_PLUGIN @mansectsu@ "March 16, 2012" "1.8.5b2" "MAINTENANCE COMMANDS"
+.TH SUDO_PLUGIN @mansectsu@ "March 28, 2012" "1.8.5" "MAINTENANCE COMMANDS"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/doc/sudoers.cat b/doc/sudoers.cat
index e59a198a8..6033d16fb 100644
--- a/doc/sudoers.cat
+++ b/doc/sudoers.cat
@@ -65,11 +65,15 @@ DDEESSCCRRIIPPTTIIOONN
        distinct ways _s_u_d_o_e_r_s can deal with environment variables.
 
        By default, the _e_n_v___r_e_s_e_t option is enabled.  This causes commands to
-       be executed with a minimal environment containing the TERM, PATH, HOME,
-       MAIL, SHELL, LOGNAME, USER, USERNAME and SUDO_* variables in addition
-       to variables from the invoking process permitted by the _e_n_v___c_h_e_c_k and
-       _e_n_v___k_e_e_p options.  This is effectively a whitelist for environment
-       variables.
+       be executed with a new, minimal environment.  On AIX (and Linux systems
+       without PAM), the environment is initialized with the contents of the
+       _/_e_t_c_/_e_n_v_i_r_o_n_m_e_n_t file.  On BSD systems, if the _u_s_e___l_o_g_i_n_c_l_a_s_s option is
+       enabled, the environment is initialized based on the _p_a_t_h and _s_e_t_e_n_v
+       settings in _/_e_t_c_/_l_o_g_i_n_._c_o_n_f.  The new environment contains the TERM,
+       PATH, HOME, MAIL, SHELL, LOGNAME, USER, USERNAME and SUDO_* variables
+       in addition to variables from the invoking process permitted by the
+       _e_n_v___c_h_e_c_k and _e_n_v___k_e_e_p options.  This is effectively a whitelist for
+       environment variables.
 
        If, however, the _e_n_v___r_e_s_e_t option is disabled, any variables not
        explicitly denied by the _e_n_v___c_h_e_c_k and _e_n_v___d_e_l_e_t_e options are inherited
@@ -95,11 +99,15 @@ DDEESSCCRRIIPPTTIIOONN
        _s_u_d_o_e_r_s will initialize the environment regardless of the value of
        _e_n_v___r_e_s_e_t.  The _D_I_S_P_L_A_Y, _P_A_T_H and _T_E_R_M variables remain unchanged;
        _H_O_M_E, _M_A_I_L, _S_H_E_L_L, _U_S_E_R, and _L_O_G_N_A_M_E are set based on the target user.
-       On Linux and AIX systems the contents of _/_e_t_c_/_e_n_v_i_r_o_n_m_e_n_t are also
-       included.  All other environment variables are removed.
+       On AIX (and Linux systems without PAM), the contents of
+       _/_e_t_c_/_e_n_v_i_r_o_n_m_e_n_t are also included.  On BSD systems, if the
+       _u_s_e___l_o_g_i_n_c_l_a_s_s option is enabled, the _p_a_t_h and _s_e_t_e_n_v variables in
+       _/_e_t_c_/_l_o_g_i_n_._c_o_n_f are also applied.  All other environment variables are
+       removed.
 
-       Lastly, if the _e_n_v___f_i_l_e option is defined, any variables present in
-       that file will be set to their specified values.
+       Finally, if the _e_n_v___f_i_l_e option is defined, any variables present in
+       that file will be set to their specified values as long as they would
+       not conflict with an existing environment variable.
 
 SSUUDDOOEERRSS FFIILLEE FFOORRMMAATT
        The _s_u_d_o_e_r_s file is composed of two types of entries: aliases
@@ -1458,8 +1466,8 @@ FFIILLEESS
        _/_v_a_r_/_a_d_m_/_s_u_d_o           Directory containing time stamps for the
                                _s_u_d_o_e_r_s security policy
 
-       _/_e_t_c_/_e_n_v_i_r_o_n_m_e_n_t        Initial environment for --ii mode on Linux and
-                               AIX
+       _/_e_t_c_/_e_n_v_i_r_o_n_m_e_n_t        Initial environment for --ii mode on AIX and
+                               Linux systems
 
 EEXXAAMMPPLLEESS
        Below are example _s_u_d_o_e_r_s entries.  Admittedly, some of these are a bit
@@ -1806,4 +1814,4 @@ DDIISSCCLLAAIIMMEERR
 
 
 
-1.8.5                           March 15, 2012                      SUDOERS(4)
+1.8.5                           March 28, 2012                      SUDOERS(4)
diff --git a/doc/sudoers.man.in b/doc/sudoers.man.in
index 53792d2b2..6801a5740 100644
--- a/doc/sudoers.man.in
+++ b/doc/sudoers.man.in
@@ -148,7 +148,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SUDOERS @mansectform@"
-.TH SUDOERS @mansectform@ "March 15, 2012" "1.8.5" "MAINTENANCE COMMANDS"
+.TH SUDOERS @mansectform@ "March 28, 2012" "1.8.5" "MAINTENANCE COMMANDS"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -218,11 +218,16 @@ environment are inherited by the command to be run.  There are two
 distinct ways \fIsudoers\fR can deal with environment variables.
 .PP
 By default, the \fIenv_reset\fR option is enabled.  This causes commands
-to be executed with a minimal environment containing the \f(CW\*(C`TERM\*(C'\fR,
-\&\f(CW\*(C`PATH\*(C'\fR, \f(CW\*(C`HOME\*(C'\fR, \f(CW\*(C`MAIL\*(C'\fR, \f(CW\*(C`SHELL\*(C'\fR, \f(CW\*(C`LOGNAME\*(C'\fR, \f(CW\*(C`USER\*(C'\fR, \f(CW\*(C`USERNAME\*(C'\fR
-and \f(CW\*(C`SUDO_*\*(C'\fR variables in addition to variables from the
-invoking process permitted by the \fIenv_check\fR and \fIenv_keep\fR
-options.  This is effectively a whitelist for environment variables.
+to be executed with a new, minimal environment.  On \s-1AIX\s0 (and Linux
+systems without \s-1PAM\s0), the environment is initialized with the
+contents of the \fI/etc/environment\fR file.  On \s-1BSD\s0 systems, if the
+\&\fIuse_loginclass\fR option is enabled, the environment is initialized
+based on the \fIpath\fR and \fIsetenv\fR settings in \fI/etc/login.conf\fR.
+The new environment contains the \f(CW\*(C`TERM\*(C'\fR, \f(CW\*(C`PATH\*(C'\fR, \f(CW\*(C`HOME\*(C'\fR, \f(CW\*(C`MAIL\*(C'\fR,
+\&\f(CW\*(C`SHELL\*(C'\fR, \f(CW\*(C`LOGNAME\*(C'\fR, \f(CW\*(C`USER\*(C'\fR, \f(CW\*(C`USERNAME\*(C'\fR and \f(CW\*(C`SUDO_*\*(C'\fR variables
+in addition to variables from the invoking process permitted by the
+\&\fIenv_check\fR and \fIenv_keep\fR options.  This is effectively a whitelist
+for environment variables.
 .PP
 If, however, the \fIenv_reset\fR option is disabled, any variables not
 explicitly denied by the \fIenv_check\fR and \fIenv_delete\fR options are
@@ -248,12 +253,15 @@ As a special case, if \fBsudo\fR's \fB\-i\fR option (initial login) is
 specified, \fIsudoers\fR will initialize the environment regardless
 of the value of \fIenv_reset\fR.  The \fI\s-1DISPLAY\s0\fR, \fI\s-1PATH\s0\fR and \fI\s-1TERM\s0\fR
 variables remain unchanged; \fI\s-1HOME\s0\fR, \fI\s-1MAIL\s0\fR, \fI\s-1SHELL\s0\fR, \fI\s-1USER\s0\fR,
-and \fI\s-1LOGNAME\s0\fR are set based on the target user.  On Linux and \s-1AIX\s0
-systems the contents of \fI/etc/environment\fR are also included.  All
-other environment variables are removed.
+and \fI\s-1LOGNAME\s0\fR are set based on the target user.  On \s-1AIX\s0 (and Linux
+systems without \s-1PAM\s0), the contents of \fI/etc/environment\fR are also
+included.  On \s-1BSD\s0 systems, if the \fIuse_loginclass\fR option is
+enabled, the \fIpath\fR and \fIsetenv\fR variables in \fI/etc/login.conf\fR
+are also applied.  All other environment variables are removed.
 .PP
-Lastly, if the \fIenv_file\fR option is defined, any variables present
-in that file will be set to their specified values.
+Finally, if the \fIenv_file\fR option is defined, any variables present
+in that file will be set to their specified values as long as they
+would not conflict with an existing environment variable.
 .SH "SUDOERS FILE FORMAT"
 .IX Header "SUDOERS FILE FORMAT"
 The \fIsudoers\fR file is composed of two types of entries: aliases
@@ -1781,7 +1789,7 @@ I/O log files
 Directory containing time stamps for the \fIsudoers\fR security policy
 .IP "\fI/etc/environment\fR" 24
 .IX Item "/etc/environment"
-Initial environment for \fB\-i\fR mode on Linux and \s-1AIX\s0
+Initial environment for \fB\-i\fR mode on \s-1AIX\s0 and Linux systems
 .SH "EXAMPLES"
 .IX Header "EXAMPLES"
 Below are example \fIsudoers\fR entries.  Admittedly, some of