On 26 September 2014 14:15, Russ Allbery <r...@debian.org> wrote:
> That would surprise me. In one case, you're setting an environment
> variable and then running sudo. In the other case, you're telling sudo to
> run the command "echo='() { /bin/echo bar; }' echo foo" via a shell.

No, I don't think that is the case. I believe sudo interprets those assignments itself (as also shown in the man page), and the error I got clearly shows this to be the case.
brian@aquitard:~$ sudo echo='() { /bin/echo bar; id; }' ./test.sh
sudo: sorry, you are not allowed to set the following environment variables: echo

My understanding is that sudo doesn't invoke any sort of shell unless you expressly tell it to do so.

aquitard# strace -ff -eprocess sudo A=B date
execve("/usr/bin/sudo", ["sudo", "A=B", "date"], [/* 21 vars */]) = 0
arch_prctl(ARCH_SET_FS, 0x7fc58a68b7a0) = 0
clone(Process 25854 attached (waiting for parent)
Process 25854 resumed (parent 25853 ready)
child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7fc58a68ba70) = 25854
[pid 25854] execve("/bin/date", ["date"], [/* 18 vars */]) = 0
[pid 25854] arch_prctl(ARCH_SET_FS, 0x7fef50d2c700) = 0
Friday 26 September 14:27:51 EST 2014
[pid 25854] exit_group(0) = ?
Process 25854 detached
--- SIGCHLD (Child exited) @ 0 (0) ---
wait4(25854, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], WNOHANG|WSTOPPED, NULL) = 25854
exit_group(0) = ?

-- 
Brian May <br...@microcomaustralia.com.au>
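The behaviour Brian describes above (sudo peeling leading NAME=value words off its own argv, refusing ones the policy does not permit, and then execve'ing the command directly with no shell in between) is modelled in the following added example. This is not sudo's code and not part of the thread; the allowlist ALLOWED_VARS, the names split_assignments, check_assignments, run_without_shell and child_sees, and the rejection of values shaped like an exported bash function are assumptions made for illustration, standing in for sudoers env_keep/env_check handling.

```python
"""Model of sudo-style handling of leading NAME=value arguments (added example)."""
import os
import re
import subprocess
import sys

# Assumed policy standing in for sudoers env_keep/env_check: only these
# variables may be set on the command line. Not sudo's real defaults.
ALLOWED_VARS = {"A", "LANG", "TZ"}

# NAME=value, where NAME is a valid environment variable name.
ASSIGNMENT = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*)=(.*)$", re.S)
# Value shaped like an exported bash function body: the Shellshock vector.
FUNCTION_BODY = re.compile(r"^\(\)\s*\{")


class EnvRejected(Exception):
    """Raised when an assignment violates the (assumed) policy."""


def split_assignments(argv):
    """Peel leading NAME=value words off argv; whatever follows is the command.

    The shell has already removed quotes, so sudo sees e.g.
    "echo=() { /bin/echo bar; id; }" as a single word and parses it itself.
    """
    assignments, rest = {}, list(argv)
    while rest:
        m = ASSIGNMENT.match(rest[0])
        if not m:
            break
        assignments[m.group(1)] = m.group(2)
        rest.pop(0)
    return assignments, rest


def check_assignments(assignments, allowed=ALLOWED_VARS):
    """Refuse variables outside the policy and values that look like function exports."""
    bad = sorted(name for name in assignments if name not in allowed)
    if bad:
        raise EnvRejected(
            "sorry, you are not allowed to set the following environment variables: "
            + " ".join(bad)
        )
    for name, value in assignments.items():
        if FUNCTION_BODY.match(value):
            raise EnvRejected(f"{name}: value looks like an exported shell function")
    return assignments


def is_rejected(assignments):
    """True if the policy would refuse this set of assignments."""
    try:
        check_assignments(assignments)
    except EnvRejected:
        return True
    return False


def run_without_shell(argv, base_env=None):
    """Apply the assignments to the child environment and exec the command directly.

    base_env defaults to the caller's environment (constructed convenience; real sudo
    with env_reset starts from a much smaller set). shell=False means the command list
    goes to execve as-is, so nothing ever parses it as shell syntax.
    """
    assignments, command = split_assignments(argv)
    check_assignments(assignments)
    env = dict(os.environ if base_env is None else base_env)
    env.update(assignments)
    result = subprocess.run(command, env=env, capture_output=True, text=True, check=True)
    return result.stdout.strip()


def child_sees(name, value):
    """Run a Python child (no shell) and return what it observes for NAME."""
    return run_without_shell(
        [f"{name}={value}", sys.executable, "-c",
         f"import os; print(os.environ.get({name!r}, ''))"]
    )


if __name__ == "__main__":
    # Brian's refused command, modelled: 'echo' is not a permitted variable.
    try:
        run_without_shell(["echo=() { /bin/echo bar; id; }", "./test.sh"])
    except EnvRejected as e:
        print("sudo-like:", e)
    # A permitted variable reaches the child environment; no shell is involved.
    print(child_sees("A", "B"))
```

The point of the model is the order of operations: the word "echo=() { ... }" is argv[1] of the launcher, never the launcher's own environment, so it is the launcher's parser and policy that decide whether the value ever becomes an environment variable for the child.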