]] Ian Jackson

> However, I think that such arrangements are already made. The
> majority of people use "sudo", which AIUI already launders the
> environment.

That depends. If you do sudo -i you get a mostly clean env:

$ sudo -i env
LANG=nb_NO.UTF-8
TZ=CET
SUDO_GID=1000
DISPLAY=:0
HOSTNAME=xoog.err.no
COLORTERM=truecolor
USERNAME=
SUDO_COMMAND=/bin/bash -c env
S_COLORS=auto
USER=root
ENV=/root/.bashrc
PWD=/root
HOME=/root
SUDO_USER=tfheen
SUDO_UID=1000
MAIL=/var/mail/root
SHELL=/bin/bash
TERM=xterm-256color
SHLVL=1
LANGUAGE=nb_NO:nb:no_NO:no:nn_NO:nn:en
LOGNAME=root
XAUTHORITY=/home/tfheen/.Xauthority
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
_=/usr/bin/env

So some bits are leaking, compare to:

$ sudo su - -c env
LANG=nb_NO.UTF-8
DISPLAY=:0
COLORTERM=truecolor
USERNAME=
S_COLORS=auto
USER=root
ENV=/root/.bashrc
PWD=/root
HOME=/root
MAIL=/var/mail/root
SHELL=/bin/bash
TERM=xterm-256color
SHLVL=1
LANGUAGE=nb_NO:nb:no_NO:no:nn_NO:nn:en
LOGNAME=root
XAUTHORITY=/home/tfheen/.Xauthority
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
_=/usr/bin/env

so even su leaks DISPLAY/XAUTHORITY. sudo -i leaks TZ, HOSTNAME and
adds some SUDO_* settings.

However, if you just do the IMO more common sudo $command, you get a lot
more:

$ sudo env | wc -l
87

It does clean up PATH, but it does not filter out my normal settings, so
say, LESS and LESSOPEN leak through to dpkg.

-- 
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
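
One way to check for and close the kind of leak described above, as an added example that is not part of the original message or of sudo/dpkg: a POSIX shell helper that lists inherited variables outside an allowlist and runs a command under `env -i` with only the allowlisted ones. The allowlist, the fixed PATH value and the function names `leaked_vars` and `run_scrubbed` are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example. ALLOWED_VARS is an illustrative allowlist (an assumption),
# not a sudo or Debian default. DISPLAY and XAUTHORITY are deliberately absent.
ALLOWED_VARS="LANG LANGUAGE LC_ALL TERM TZ"
SAFE_PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

# Print the names of environment variables that are not on the allowlist,
# i.e. what a child process would inherit if nothing filtered the environment.
# Multi-line values can produce spurious names; this is a report, not a filter.
leaked_vars() {
    env | sed -n 's/^\([A-Za-z_][A-Za-z0-9_]*\)=.*/\1/p' | sort -u |
    while read -r name; do
        case " $ALLOWED_VARS PATH " in
            *" $name "*) ;;                 # allowlisted (PATH is reset below)
            *) printf '%s\n' "$name" ;;
        esac
    done
}

# Run "$@" starting from an EMPTY environment (env -i), then add back only
# allowlisted variables that are set, plus a fixed PATH. Starting empty also
# drops entries a name-based unset loop would miss, such as exported shell
# functions. The eval is safe because $name only comes from ALLOWED_VARS.
run_scrubbed() {
    (
        for name in $ALLOWED_VARS; do
            if eval "[ -n \"\${$name+set}\" ]"; then
                eval "set -- \"\$name=\${$name}\" \"\$@\""
            fi
        done
        exec env -i PATH="$SAFE_PATH" "$@"
    )
}

# Example use: run_scrubbed dpkg --version
```

Running `leaked_vars` in the shell from which a privileged command is about to be started shows what would be passed along; `run_scrubbed` is the corresponding filter.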