
Allow preservation of variables in the default list to be disabled #424


Open
konsolebox opened this issue Dec 11, 2024 · 1 comment

konsolebox commented Dec 11, 2024

If I'm reading the code correctly, the default variables that are enabled for preservation are specified in the initial_keepenv_table variable in plugins/sudoers/env.c, correct? If possible, can preservation of these variables be allowed to be disabled through an option like --no-preserve-env=VAR? I know env -u VAR sudo ... can be a good workaround, but it's better to have the capability in sudo itself since it's the one responsible for allowing the default list.

@konsolebox
Author

It seems like I misinterpreted initial_keepenv_table too. It seems to be used differently from --preserve-env.

When a custom value is specified through the environment file (not the configuration file, which is /etc/security/pam_env.conf), a variable still gets overridden even if it's specified through --preserve-env. I've tested this by running sudo -Hu user --preserve-env=VARIABLE env. However, if a variable is specified in initial_keepenv_table, like DISPLAY, HOSTNAME or XDG_CURRENT_DESKTOP, the variable DOES NOT get overridden. Note that the HOSTNAME variable may not be exported, so be mindful about it.
