According to the CHANGES file (#432) in the sudo source code, "env_reset" is normally default! sudo -V shows that there is no "Reset the environment to a default set of variables", but only "Ignore '.' in $PATH". This is NOT sufficient and will fail in the following test case (see "How to repeat").

Fix: Use the default "env_reset" instead of "ignore_dot"!

How-To-Repeat:

    % echo 'echo BULLSHIT' > date
    % chmod +x date
    % date
    % export PATH=.:$PATH
    % date
    % sudo date
    % sudo sh
    # date

Responsible Changed From-To: freebsd-ports-bugs->mharo Over to maintainer
Responsible Changed From-To: mharo->freebsd-ports-bugs Maintainer was reset.
Responsible Changed From-To: freebsd-ports-bugs->stefan Take.

Hi,

I had a brief look at what sudo does and found the following:

- As mentioned in CHANGES in the sudo distribution, 'env_reset' is a so-called 'Defaults' option. That doesn't mean it's on by default, though - see the section 'Defaults' in sudoers(5) for how it's turned on.
- A quick test showed that even with 'env_reset' enabled sudo does not modify my $PATH, so your example still works. (The environment is stripped to basic variables, though.)

I think that's either a bug in sudo itself or in the man page, depending on how you look at it. (It says that only $TERM is copied unaltered from the old environment, but looking at the source code, $PATH is only touched/replaced if SECURE_PATH is set at compile time.) In my opinion, sudo's documentation is a bit ambiguous/unclear here, but it's not an issue specific to FreeBSD and should be resolved upstream, so I'd close this PR. Please let me know if you (dis)agree.

Regards,
Stefan

State Changed From-To: open->feedback Awaiting feedback from originator.
State Changed From-To: feedback->closed I don't see a bug here - modification of $PATH happens only when configure is given the parameter --with-secure-path, which is not the case with the port in its current version. If anyone wants to add that parameter to CONFIGURE_ARGS, he or she is free to send a patch.
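
The PATH lookup this report turns on, as an added example that is not part of the PR or of sudo: it shows which file the name `date` resolves to when `.` leads $PATH, and that skipping dot entries for one lookup leaves the PATH string handed to a child shell unchanged. `resolve_cmd`, `unsafe_path_entries` and `demo` are hypothetical helper names, and the fake `date` script is constructed.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, sample files are constructed.

# resolve_cmd NAME PATHSTRING [SKIP_DOT]
# Print the first executable NAME found by walking PATHSTRING left to right.
# With SKIP_DOT=1, "." and empty entries (both mean the current directory)
# are ignored for this one lookup; PATHSTRING itself is never modified.
resolve_cmd() (
    name=$1 search="$2:" skip_dot=${3:-0}   # trailing ":" keeps a final empty entry
    IFS=:
    set -f
    for dir in $search; do
        case $dir in
            ''|.) [ "$skip_dot" = 1 ] && continue; dir=. ;;
        esac
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            printf '%s\n' "$dir/$name"
            exit 0
        fi
    done
    exit 1
)

# unsafe_path_entries PATHSTRING
# Print every entry that is not an absolute directory.
unsafe_path_entries() (
    search="$1:"
    IFS=:
    set -f
    for dir in $search; do
        case $dir in
            /*) ;;                              # absolute entry: not flagged here
            '') printf '%s\n' '(empty)' ;;
            *)  printf '%s\n' "$dir" ;;
        esac
    done
)

# Constructed demo mirroring How-To-Repeat: a fake "date" in a scratch directory.
demo() (
    tmp=$(mktemp -d) || exit 1
    trap 'rm -rf "$tmp"' EXIT
    cd "$tmp" || exit 1
    printf '#!/bin/sh\necho FAKE\n' > date
    chmod +x date
    user_path=".:/bin:/usr/bin"
    echo "unsafe entries: $(unsafe_path_entries "$user_path")"
    echo "plain lookup:   $(resolve_cmd date "$user_path")"
    echo "dot skipped:    $(resolve_cmd date "$user_path" 1)"
)
demo
```

A shell started as root with the unmodified `user_path` performs the plain lookup, so the `# date` step of How-To-Repeat corresponds to the second line of output rather than the third.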