I'm not that crazy about code that relies on $PWD, either, but nonetheless there's quite a bit of it out there that does.
The reason I'm thinking of this as a bug is that virtually every environment in which you can run a program under Linux will include a $PWD variable, and similarly virtually every program that does a fork() will pass that variable across into the new environment. As you note, if you run 'sudo sh', you get an intervening shell that will set up its own environment. If you do the not uncommon 'sudo somecommand', though, there is no intervening shell, and you're getting what sudo sets up.

I agree that PWD probably shouldn't be passed through unmodified (even though it's difficult to see how this could be exploited). Rather, PWD should just be set to the current getcwd(), which is what users and code will generally expect. I believe that having PWD unset is surprising, and surprises in a root environment lead to security holes.

--
sudo doesn't propagate $PWD
https://bugs.launchpad.net/bugs/410022
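The check discussed in this message, seen from the receiving program's side: a process started with no shell in between (as with 'sudo somecommand') can test whether $PWD is missing or does not name the current directory, and reset it from getcwd(). This is an added example, not code from sudo or from the bug report; the names `pwd_is_current_dir` and `normalize_pwd` are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns 1 only if `pwd` is an absolute path that names the same
 * directory (same device and inode) as ".", otherwise 0. */
static int pwd_is_current_dir(const char *pwd)
{
    struct stat env_st, dot_st;

    if (pwd == NULL || pwd[0] != '/')
        return 0;                       /* unset or relative: not usable */
    if (stat(pwd, &env_st) != 0 || stat(".", &dot_st) != 0)
        return 0;                       /* stale or inaccessible path */
    return env_st.st_dev == dot_st.st_dev && env_st.st_ino == dot_st.st_ino;
}

/* Hypothetical helper: make $PWD agree with getcwd() before any code
 * relies on it. Returns 0 if PWD was already valid, 1 if it was
 * replaced with getcwd(), -1 on error. */
int normalize_pwd(void)
{
    char cwd[PATH_MAX];

    if (pwd_is_current_dir(getenv("PWD")))
        return 0;
    if (getcwd(cwd, sizeof cwd) == NULL)
        return -1;
    return setenv("PWD", cwd, 1) == 0 ? 1 : -1;
}

int main(void)
{
    int rc = normalize_pwd();

    printf("normalize_pwd() = %d, PWD=%s\n", rc, getenv("PWD"));
    return rc < 0;
}
```

Comparing device and inode, as opposed to comparing strings, keeps a $PWD that reaches the current directory through a symlink, which is the one case where $PWD carries information getcwd() does not.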