Martin Schulze wrote:
> Martin Schulze wrote:
> > > It's been fixed upstream in 1.6.8p12.
> > 
> > This is true, but it is becoming ridiculous.
> 
> Finally allocated some time to develop a minimal patch.
> 
> The attached patch passes only the variables listed in env_check
> through to the setuid environment (each still subject to the '/' and
> '%' check).  This preserves language settings by default, but nothing
> more.

This time with the attachment attached.

Regards,

        Joey

-- 
If nothing changes, everything will remain the same.  -- Barne's Law

Please always Cc to me when replying to me on the lists.
diff -u sudo-1.6.8p7/env.c sudo-1.6.8p7/env.c
--- sudo-1.6.8p7/env.c
+++ sudo-1.6.8p7/env.c
@@ -136,6 +136,7 @@
     "LC_*",
     "LANG",
     "LANGUAGE",
+    "TERM",
     NULL
 };
 
@@ -425,7 +426,7 @@
         * env_check.
         */
        for (ep = envp; *ep; ep++) {
-           okvar = 1;
+           okvar = 0;
 
            /* Skip variables with values beginning with () (bash functions) */
            if ((cp = strchr(*ep, '=')) != NULL) {
@@ -434,6 +435,7 @@
            }
 
            /* Skip anything listed in env_delete. */
+#if 0
            for (cur = def_env_delete; cur && okvar; cur = cur->next) {
                len = strlen(cur->value);
                /* Deal with '*' wildcard */
@@ -447,9 +449,10 @@
                    okvar = 0;
                }
            }
+#endif
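Review bot: Fencing the env_delete loop with `#if 0` leaves the comment above it, `Skip anything listed in env_delete.`, describing code that no longer runs, and it makes the sudoers env_delete list silently ineffective on this path without saying so. Because the new logic drops every variable that env_check does not match, the deletion pass is redundant rather than wrong, except for a name that appears in both lists: it used to be removed (env_delete ran first and cleared okvar) and now passes if its value is clean, which is worth stating. Replace the stale comment with `/* env_delete is not consulted here: anything not matched by env_check below is dropped. */` and delete the dead block rather than keeping it under `#if 0`. The enclosing loop and function begin outside this hunk.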
 
            /* Check certain variables for '%' and '/' characters. */
-           for (cur = def_env_check; cur && okvar; cur = cur->next) {
+           for (cur = def_env_check; cur; cur = cur->next) {
                len = strlen(cur->value);
                /* Deal with '*' wildcard */
                if (cur->value[len - 1] == '*') {
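Review bot: The comment `Check certain variables for '%' and '/' characters.` now heads the loop that makes the whole keep-or-drop decision, since okvar starts at 0 and only this loop can set it, so a reader is told the opposite of what matters. Suggested replacement: `/* Keep a variable only if it matches an env_check entry and its value contains neither '/' nor '%'; everything else is dropped. */`. The loop condition `for (cur = def_env_check; cur; cur = cur->next)` also keeps walking all entries after a match, which is harmless only because nothing later clears okvar; writing it as `for (cur = def_env_check; cur && !okvar; cur = cur->next)` makes that invariant explicit.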
@@ -459,8 +462,8 @@
                    iswild = 0;
                if (strncmp(cur->value, *ep, len) == 0 &&
                    (iswild || (*ep)[len] == '=') &&
-                   strpbrk(*ep, "/%")) {
-                   okvar = 0;
+                   strpbrk(*ep, "/%") == NULL) {
+                   okvar = 1;
                }
            }
 
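Review bot: The `strpbrk(*ep, "/%") == NULL` test is applied to the whole `NAME=value` string, not just the value, so a variable is also rejected if its name contains one of those characters; that is the safe direction, but a short comment saying so, `/* scans name and value; a '/' or '%' anywhere rejects it */`, would stop someone "fixing" it to start at the value. Once `okvar = 1` is set nothing in this loop can clear it, so a `break;` after the assignment would make the first clean match decisive and avoid re-testing the same entry against later patterns. What happens to the variable when okvar is set is outside this hunk; presumably it is copied into the new environment, but that should be confirmed in the code that follows.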
