1 --- /home/bdale/Desktop/sudo-1.7.2p1/env.c 2009-06-23 12:24:42.000000000 -0600
2 +++ sudo/env.c 2009-11-20 07:31:58.000000000 -0700
4 static const char *initial_badenv_table[] = {
14 keepit = matches_env_keep(*ep);
16 + if (!strncmp (*ep, "DISPLAY=",8)
17 + || !strncmp (*ep, "XAUTHORITY=", 11)
18 + || !strncmp (*ep, "XAUTHORIZATION=", 15)
19 + || !strncmp (*ep, "XAPPLRESDIR=", 12)
20 + || !strncmp (*ep, "XFILESEARCHPATH=", 16)
21 + || !strncmp (*ep, "XUSERFILESEARCHPATH=", 20)
22 + || !strncmp (*ep, "LANG=", 5)
23 + || !strncmp (*ep, "LANGUAGE=", 9)
24 + || !strncmp (*ep, "LC_", 3))
27 /* For SUDO_PS1 -> PS1 conversion. */
28 if (strncmp(*ep, "SUDO_PS1=", 8) == 0)
30 --- tmp/sudoers.pod 2010-03-11 12:28:58.000000000 -0700
31 +++ sudo/sudoers.pod 2010-03-11 12:29:58.000000000 -0700
36 +Not effective due to security issues: only variables listed in
37 +I<env_keep> or I<env_check> can be passed through B<sudo>!
39 Environment variables to be removed from the user's environment
40 when the I<env_reset> option is not in effect. The argument may
41 be a double-quoted, space-separated list or a single value without
46 -Environment variables to be preserved in the user's environment
47 -when the I<env_reset> option is in effect. This allows fine-grained
48 +Environment variables to be preserved in the user's environment.
49 +This allows fine-grained
50 control over the environment B<sudo>-spawned processes will receive.
51 The argument may be a double-quoted, space-separated list or a
52 single value without double-quotes. The list can be replaced, added
55 @@ -456,8 +456,8 @@ and, as such, it is not possible for B<sudo> to preserve them.
56 To prevent command spoofing, B<sudo> checks "." and "" (both denoting
57 current directory) last when searching for a command in the user's
58 PATH (if one or both are in the PATH). Note, however, that the
59 -actual C<PATH> environment variable is I<not> modified and is passed
60 -unchanged to the program that B<sudo> executes.
61 +C<PATH> environment variable is further modified in Debian because of
62 +the use of the I<SECURE_PATH> build option.
64 B<sudo> will check the ownership of its time stamp directory
65 (F<@timedir@> by default) and ignore the directory's contents if