patch from upstream to fix special case in password checking code

[debian/sudo] / env.c

diff --git a/env.c b/env.c
index ba2c7ac9e60f1e9f64376774a8043d883df9ee14..2be75d8ee60dc65e1d174e887de6043c63bd8552 100644 (file)
--- a/env.c
+++ b/env.c
@@ -1,5 +1,6 @@
 /*
- * Copyright (c) 2000-2007 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2000-2005, 2007-2010
+ *     Todd C. Miller <Todd.Miller@courtesan.com>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -34,27 +35,19 @@
 #endif /* STDC_HEADERS */
 #ifdef HAVE_STRING_H
 # include <string.h>
-#else
-# ifdef HAVE_STRINGS_H
-#  include <strings.h>
-# endif
 #endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
 #ifdef HAVE_UNISTD_H
 # include <unistd.h>
 #endif /* HAVE_UNISTD_H */
-#ifdef HAVE_ERR_H
-# include <err.h>
-#else
-# include "emul/err.h"
-#endif /* HAVE_ERR_H */
+#include <ctype.h>
+#include <errno.h>
 #include <pwd.h>
 
 #include "sudo.h"
 
-#ifndef lint
-__unused static const char rcsid[] = "$Sudo: env.c,v 1.39.2.18 2008/03/13 11:34:57 millert Exp $";
-#endif /* lint */
-
 /*
  * Flags used in rebuild_env()
  */
@@ -72,6 +65,8 @@ __unused static const char rcsid[] = "$Sudo: env.c,v 1.39.2.18 2008/03/13 11:34:
 #define DID_USER       0x0020
 #undef DID_USERNAME
 #define DID_USERNAME           0x0040
+#undef DID_MAIL
+#define DID_MAIL       0x0080
 #undef DID_MAX
 #define DID_MAX        0x00ff
 
@@ -89,24 +84,25 @@ __unused static const char rcsid[] = "$Sudo: env.c,v 1.39.2.18 2008/03/13 11:34:
 #define KEPT_USER      0x2000
 #undef KEPT_USERNAME
 #define KEPT_USERNAME  0x4000
+#undef KEPT_MAIL
+#define KEPT_MAIL      0x8000
 #undef KEPT_MAX
 #define KEPT_MAX       0xff00
 
-#undef VNULL
-#define        VNULL   (VOID *)NULL
-
 struct environment {
     char **envp;               /* pointer to the new environment */
     size_t env_size;           /* size of new_environ in char **'s */
     size_t env_len;            /* number of slots used, not counting NULL */
+    int owned;                 /* do we own envp or is it the system's? */
 };
 
 /*
  * Prototypes
  */
-char **rebuild_env             __P((char **, int, int));
-static void insert_env         __P((char *, struct environment *, int));
-static char *format_env                __P((char *, ...));
+static void sudo_setenv                __P((const char *, const char *, int));
+static void sudo_putenv                __P((char *, int, int));
+
+extern char **environ;         /* global environment */
 
 /*
  * Copy of the sudo-managed environment.
@@ -133,6 +129,7 @@ static const char *initial_badenv_table[] = {
 #ifdef _AIX
     "LDR_*",
     "LIBPATH",
+    "AUTHSTATE",
 #endif
 #ifdef __APPLE__
     "DYLD_*",
@@ -174,6 +171,7 @@ static const char *initial_badenv_table[] = {
     "PYTHONHOME",              /* python, module search path */
     "PYTHONPATH",              /* python, search path */
     "PYTHONINSPECT",           /* python, allow inspection */
+    "PYTHONUSERBASE",          /* python, per user site-packages directory */
     "RUBYLIB",                 /* ruby, library load path */
     "RUBYOPT",                 /* ruby, extra command line options */
     NULL
@@ -198,11 +196,9 @@ static const char *initial_checkenv_table[] = {
 static const char *initial_keepenv_table[] = {
     "COLORS",
     "DISPLAY",
-    "HOME",
     "HOSTNAME",
     "KRB5CCNAME",
     "LS_COLORS",
-    "MAIL",
     "PATH",
     "PS1",
     "PS2",
@@ -213,88 +209,288 @@ static const char *initial_keepenv_table[] = {
 };
 
 /*
- * Given a variable and value, allocate and format an environment string.
+ * Initialize env based on envp.
  */
-static char *
-#ifdef __STDC__
-format_env(char *var, ...)
-#else
-format_env(var, va_alist)
-    char *var;
-    va_dcl
+void
+env_init(lazy)
+    int lazy;
+{
+    char * const *ep;
+    size_t len;
+
+    for (ep = environ; *ep != NULL; ep++)
+       continue;
+    len = (size_t)(ep - environ);
+
+    if (lazy) {
+       /*
+        * If we are already initialized due to lazy init (usualy via getenv())
+        * we need to avoid calling malloc() as it may call getenv() itself.
+        */
+       env.envp = environ;
+       env.env_len = len;
+       env.env_size = len;
+    } else if (!env.owned) {
+       env.env_len = len;
+       env.env_size = len + 1 + 128;
+       env.envp = emalloc2(env.env_size, sizeof(char *));
+#ifdef ENV_DEBUG
+       memset(env.envp, 0, env.env_size * sizeof(char *));
 #endif
+       memcpy(env.envp, environ, len * sizeof(char *));
+       env.envp[len] = '\0';
+       env.owned = TRUE;
+    }
+}
+
+char **
+env_get()
+{
+    return env.envp;
+}
+
+/*
+ * Similar to setenv(3) but operates on sudo's private copy of the environment
+ * (not environ) and it always overwrites.  The dupcheck param determines
+ * whether we need to verify that the variable is not already set.
+ */
+static void
+sudo_setenv(var, val, dupcheck)
+    const char *var;
+    const char *val;
+    int dupcheck;
 {
     char *estring;
-    char *val;
     size_t esize;
-    va_list ap;
 
-#ifdef __STDC__
-    va_start(ap, var);
-#else
-    va_start(ap);
-#endif
-    esize = strlen(var) + 2;
-    while ((val = va_arg(ap, char *)) != NULL)
-       esize += strlen(val);
-    va_end(ap);
-    estring = (char *) emalloc(esize);
+    esize = strlen(var) + 1 + strlen(val) + 1;
+    estring = emalloc(esize);
 
-    /* Store variable name and the '=' separator.  */
+    /* Build environment string and insert it. */
     if (strlcpy(estring, var, esize) >= esize ||
-       strlcat(estring, "=", esize) >= esize) {
+       strlcat(estring, "=", esize) >= esize ||
+       strlcat(estring, val, esize) >= esize) {
+
+       errorx(1, "internal error, sudo_setenv() overflow");
+    }
+    sudo_putenv(estring, dupcheck, TRUE);
+}
+
+/*
+ * Version of getenv(3) that uses our own environ pointer.
+ */
+char *
+getenv(var)
+    const char *var;
+{
+    char *cp, **ev;
+    size_t vlen = strlen(var);
 
-       errx(1, "internal error, format_env() overflow");
+    if (env.envp == NULL)
+       env_init(TRUE);
+
+    for (ev = env.envp; (cp = *ev) != NULL; ev++) {
+       if (strncmp(var, cp, vlen) == 0 && cp[vlen] == '=')
+           return cp + vlen + 1;
+    }
+    return NULL;
+}
+
+/*
+ * Version of setenv(3) that uses our own environ pointer.
+ */
+int
+setenv(var, val, overwrite)
+    const char *var;
+    const char *val;
+    int overwrite;
+{
+    char *estring, *ep;
+    const char *cp;
+    size_t esize;
+
+    if (!var || *var == '\0') {
+       errno = EINVAL;
+       return(-1);
     }
 
-    /* Now store the variable's value (if any) */
-#ifdef __STDC__
-    va_start(ap, var);
+    if (env.envp == NULL)
+       env_init(TRUE);
+
+    /*
+     * POSIX says a var name with '=' is an error but BSD
+     * just ignores the '=' and anything after it.
+     */
+    for (cp = var; *cp && *cp != '='; cp++)
+       ;
+    esize = (size_t)(cp - var) + 2;
+    if (val) {
+       esize += strlen(val);   /* glibc treats a NULL val as "" */
+    }
+
+    /* Allocate and fill in estring. */
+    estring = ep = emalloc(esize);
+    for (cp = var; *cp && *cp != '='; cp++)
+       *ep++ = *cp;
+    *ep++ = '=';
+    if (val) {
+       for (cp = val; *cp; cp++)
+           *ep++ = *cp;
+    }
+    *ep = '\0';
+
+#ifdef ENV_DEBUG
+    if (env.envp[env.env_len] != NULL)
+       errorx(1, "setenv: corrupted envp, len mismatch");
+#endif
+    sudo_putenv(estring, TRUE, overwrite);
+    return(0);
+}
+
+/*
+ * Version of unsetenv(3) that uses our own environ pointer.
+ */
+#ifdef UNSETENV_VOID
+void
+#else
+int
+#endif
+unsetenv(var)
+    const char *var;
+{
+    char **ep;
+    size_t len;
+
+    if (var == NULL || *var == '\0' || strchr(var, '=') != NULL) {
+       errno = EINVAL;
+#ifdef UNSETENV_VOID
+       return;
 #else
-    va_start(ap);
+       return(-1);
 #endif
-    while ((val = va_arg(ap, char *)) != NULL) {
-       if (strlcat(estring, val, esize) >= esize)
-           errx(1, "internal error, format_env() overflow");
     }
-    va_end(ap);
 
-    return(estring);
+    if (env.envp == NULL)
+       env_init(TRUE);
+
+#ifdef ENV_DEBUG
+    if (env.envp[env.env_len] != NULL)
+       errorx(1, "unsetenv: corrupted envp, len mismatch");
+#endif
+
+    len = strlen(var);
+    for (ep = env.envp; *ep != NULL;) {
+       if (strncmp(var, *ep, len) == 0 && (*ep)[len] == '=') {
+           /* Found it; shift remainder + NULL over by one. */
+           char **cur = ep;
+           while ((*cur = *(cur + 1)) != NULL)
+               cur++;
+           /* Keep going, could be multiple instances of the var. */
+       } else {
+           ep++;
+       }
+    }
+    env.env_len = ep - env.envp;
+#ifndef UNSETENV_VOID
+    return(0);
+#endif
+}
+
+/*
+ * Version of putenv(3) that uses our own environ pointer.
+ */
+int
+#ifdef PUTENV_CONST
+putenv(const char *string)
+#else
+putenv(string)
+    char *string;
+#endif
+{
+    if (env.envp == NULL)
+       env_init(TRUE);
+
+    if (strchr(string, '=') == NULL) {
+       errno = EINVAL;
+       return(-1);
+    }
+#ifdef ENV_DEBUG
+    if (env.envp[env.env_len] != NULL)
+       errorx(1, "putenv: corrupted envp, len mismatch");
+#endif
+    sudo_putenv((char *)string, TRUE, TRUE);
+    return(0);
 }
 
 /*
- * Insert str into e->envp, assumes str has an '=' in it.
+ * Similar to putenv(3) but operates on sudo's private copy of the
+ * environment (not environ) and it always overwrites.  The dupcheck param
+ * determines whether we need to verify that the variable is not already set.
+ * Will only overwrite an existing variable if overwrite is set.
  */
 static void
-insert_env(str, e, dupcheck)
+sudo_putenv(str, dupcheck, overwrite)
     char *str;
-    struct environment *e;
     int dupcheck;
+    int overwrite;
 {
-    char **nep;
-    size_t varlen;
+    char **ep;
+    size_t len;
+    int found = FALSE;
 
     /* Make sure there is room for the new entry plus a NULL. */
-    if (e->env_len + 2 > e->env_size) {
-       e->env_size += 128;
-       e->envp = erealloc3(e->envp, e->env_size, sizeof(char *));
+    if (env.env_len + 2 > env.env_size) {
+       env.env_size += 128;
+       if (env.owned) {
+           env.envp = erealloc3(env.envp, env.env_size, sizeof(char *));
+       } else {
+           /* We don't own env.envp, allocate a new one. */
+           ep = emalloc2(env.env_size, sizeof(char *));
+           memcpy(ep, env.envp, env.env_size * sizeof(char *));
+           env.envp = ep;
+           env.owned = TRUE;
+       }
+#ifdef ENV_DEBUG
+       memset(env.envp + env.env_len, 0,
+           (env.env_size - env.env_len) * sizeof(char *));
+#endif
     }
 
-    if (dupcheck) {
-           varlen = (strchr(str, '=') - str) + 1;
+#ifdef ENV_DEBUG
+    if (env.envp[env.env_len] != NULL)
+       errorx(1, "sudo_putenv: corrupted envp, len mismatch");
+#endif
 
-           for (nep = e->envp; *nep; nep++) {
-               if (strncmp(str, *nep, varlen) == 0) {
-                   *nep = str;
-                   return;
+    if (dupcheck) {
+       len = (strchr(str, '=') - str) + 1;
+       for (ep = env.envp; !found && *ep != NULL; ep++) {
+           if (strncmp(str, *ep, len) == 0) {
+               if (overwrite)
+                   *ep = str;
+               found = TRUE;
+           }
+       }
+       /* Prune out duplicate variables. */
+       if (found && overwrite) {
+           while (*ep != NULL) {
+               if (strncmp(str, *ep, len) == 0) {
+                   char **cur = ep;
+                   while ((*cur = *(cur + 1)) != NULL)
+                       cur++;
+               } else {
+                   ep++;
                }
            }
-    } else
-       nep = e->envp + e->env_len;
+           env.env_len = ep - env.envp;
+       }
+    }
 
-    e->env_len++;
-    *nep++ = str;
-    *nep = NULL;
+    if (!found) {
+       ep = env.envp + env.env_len;
+       env.env_len++;
+       *ep++ = str;
+       *ep = NULL;
+    }
 }
 
 /*
@@ -391,24 +587,39 @@ matches_env_keep(var)
  * variables from the old one or start with a clean slate.
  * Also adds sudo-specific variables (SUDO_*).
  */
-char **
-rebuild_env(envp, sudo_mode, noexec)
-    char **envp;
-    int sudo_mode;
+void
+rebuild_env(noexec)
     int noexec;
 {
-    char **ep, *cp, *ps1;
+    char **old_envp, **ep, *cp, *ps1;
+    char idbuf[MAX_UID_T_LEN];
     unsigned int didvar;
+    int reset_home = FALSE;
 
     /*
      * Either clean out the environment or reset to a safe default.
      */
     ps1 = NULL;
     didvar = 0;
-    memset(&env, 0, sizeof(env));
-    if (def_env_reset) {
+    env.env_len = 0;
+    env.env_size = 128;
+    old_envp = env.envp;
+    env.envp = emalloc2(env.env_size, sizeof(char *));
+#ifdef ENV_DEBUG
+    memset(env.envp, 0, env.env_size * sizeof(char *));
+#endif
+
+    /* Reset HOME based on target user if configured to. */
+    if (ISSET(sudo_mode, MODE_RUN)) {
+       if (def_always_set_home ||
+           ISSET(sudo_mode, MODE_RESET_HOME | MODE_LOGIN_SHELL) || 
+           (ISSET(sudo_mode, MODE_SHELL) && def_set_home))
+           reset_home = TRUE;
+    }
+
+    if (def_env_reset || ISSET(sudo_mode, MODE_LOGIN_SHELL)) {
        /* Pull in vars we want to keep from the old environment. */
-       for (ep = envp; *ep; ep++) {
+       for (ep = old_envp; *ep; ep++) {
            int keepit;
 
            /* Skip variables with values beginning with () (bash functions) */
@@ -441,6 +652,10 @@ rebuild_env(envp, sudo_mode, noexec)
                        if (strncmp(*ep, "LOGNAME=", 8) == 0)
                            SET(didvar, DID_LOGNAME);
                        break;
+                   case 'M':
+                       if (strncmp(*ep, "MAIL=", 5) == 0)
+                           SET(didvar, DID_MAIL);
+                       break;
                    case 'P':
                        if (strncmp(*ep, "PATH=", 5) == 0)
                            SET(didvar, DID_PATH);
@@ -460,7 +675,7 @@ rebuild_env(envp, sudo_mode, noexec)
                            SET(didvar, DID_USERNAME);
                        break;
                }
-               insert_env(*ep, &env, 0);
+               sudo_putenv(*ep, FALSE, FALSE);
            }
        }
        didvar |= didvar << 8;          /* convert DID_* to KEPT_* */
@@ -471,35 +686,45 @@ rebuild_env(envp, sudo_mode, noexec)
         * on sudoers options).
         */
        if (ISSET(sudo_mode, MODE_LOGIN_SHELL)) {
-           insert_env(format_env("HOME", runas_pw->pw_dir, VNULL), &env,
-               ISSET(didvar, DID_HOME));
-           insert_env(format_env("SHELL", runas_pw->pw_shell, VNULL), &env,
-               ISSET(didvar, DID_SHELL));
-           insert_env(format_env("LOGNAME", runas_pw->pw_name, VNULL), &env,
+           sudo_setenv("SHELL", runas_pw->pw_shell, ISSET(didvar, DID_SHELL));
+           sudo_setenv("LOGNAME", runas_pw->pw_name,
                ISSET(didvar, DID_LOGNAME));
-           insert_env(format_env("USER", runas_pw->pw_name, VNULL), &env,
-               ISSET(didvar, DID_USER));
-           insert_env(format_env("USERNAME", runas_pw->pw_name, VNULL), &env,
+           sudo_setenv("USER", runas_pw->pw_name, ISSET(didvar, DID_USER));
+           sudo_setenv("USERNAME", runas_pw->pw_name,
                ISSET(didvar, DID_USERNAME));
        } else {
-           if (!ISSET(didvar, DID_HOME))
-               insert_env(format_env("HOME", user_dir, VNULL), &env, 0);
            if (!ISSET(didvar, DID_SHELL))
-               insert_env(format_env("SHELL", sudo_user.pw->pw_shell, VNULL),
-                   &env, 0);
+               sudo_setenv("SHELL", sudo_user.pw->pw_shell, FALSE);
            if (!ISSET(didvar, DID_LOGNAME))
-               insert_env(format_env("LOGNAME", user_name, VNULL), &env, 0);
+               sudo_setenv("LOGNAME", user_name, FALSE);
            if (!ISSET(didvar, DID_USER))
-               insert_env(format_env("USER", user_name, VNULL), &env, 0);
+               sudo_setenv("USER", user_name, FALSE);
            if (!ISSET(didvar, DID_USERNAME))
-               insert_env(format_env("USERNAME", user_name, VNULL), &env, 0);
+               sudo_setenv("USERNAME", user_name, FALSE);
+       }
+
+       /* If we didn't keep HOME, reset it based on target user. */
+       if (!ISSET(didvar, KEPT_HOME))
+           reset_home = TRUE;
+
+       /*
+        * Set MAIL to target user in -i mode or if MAIL is not preserved
+        * from user's environment.
+        */
+       if (ISSET(sudo_mode, MODE_LOGIN_SHELL) || !ISSET(didvar, KEPT_MAIL)) {
+           cp = _PATH_MAILDIR;
+           if (cp[sizeof(_PATH_MAILDIR) - 2] == '/')
+               easprintf(&cp, "MAIL=%s%s", _PATH_MAILDIR, runas_pw->pw_name);
+           else
+               easprintf(&cp, "MAIL=%s/%s", _PATH_MAILDIR, runas_pw->pw_name);
+           sudo_putenv(cp, ISSET(didvar, DID_MAIL), TRUE);
        }
     } else {
        /*
-        * Copy envp entries as long as they don't match env_delete or
+        * Copy environ entries as long as they don't match env_delete or
         * env_check.
         */
-       for (ep = envp; *ep; ep++) {
+       for (ep = old_envp; *ep; ep++) {
            int okvar;
 
            /* Skip variables with values beginning with () (bash functions) */
@@ -523,42 +748,35 @@ rebuild_env(envp, sudo_mode, noexec)
                    SET(didvar, DID_PATH);
                else if (strncmp(*ep, "TERM=", 5) == 0)
                    SET(didvar, DID_TERM);
-               insert_env(*ep, &env, 0);
+               sudo_putenv(*ep, FALSE, FALSE);
            }
        }
     }
-
-#ifdef SECURE_PATH
-    /* Replace the PATH envariable with a secure one. */
-    if (!user_is_exempt()) {
-       insert_env(format_env("PATH", SECURE_PATH, VNULL), &env, 1);
+    /* Replace the PATH envariable with a secure one? */
+    if (def_secure_path && !user_is_exempt()) {
+       sudo_setenv("PATH", def_secure_path, TRUE);
        SET(didvar, DID_PATH);
     }
-#endif
 
     /* Set $USER, $LOGNAME and $USERNAME to target if "set_logname" is true. */
-    if (def_set_logname && runas_pw->pw_name) {
+    if (def_set_logname && !ISSET(sudo_mode, MODE_LOGIN_SHELL)) {
        if (!ISSET(didvar, KEPT_LOGNAME))
-           insert_env(format_env("LOGNAME", runas_pw->pw_name, VNULL), &env, 1);
+           sudo_setenv("LOGNAME", runas_pw->pw_name, TRUE);
        if (!ISSET(didvar, KEPT_USER))
-           insert_env(format_env("USER", runas_pw->pw_name, VNULL), &env, 1);
+           sudo_setenv("USER", runas_pw->pw_name, TRUE);
        if (!ISSET(didvar, KEPT_USERNAME))
-           insert_env(format_env("USERNAME", runas_pw->pw_name, VNULL), &env, 1);
+           sudo_setenv("USERNAME", runas_pw->pw_name, TRUE);
     }
 
-    /* Set $HOME for `sudo -H'.  Only valid at PERM_FULL_RUNAS. */
-    if (runas_pw->pw_dir) {
-       if (ISSET(sudo_mode, MODE_RESET_HOME) ||
-           (ISSET(sudo_mode, MODE_RUN) && (def_always_set_home ||
-           (ISSET(sudo_mode, MODE_SHELL) && def_set_home))))
-           insert_env(format_env("HOME", runas_pw->pw_dir, VNULL), &env, 1);
-    }
+    /* Set $HOME to target user if not preserving user's value. */
+    if (reset_home)
+       sudo_setenv("HOME", runas_pw->pw_dir, TRUE);
 
     /* Provide default values for $TERM and $PATH if they are not set. */
     if (!ISSET(didvar, DID_TERM))
-       insert_env("TERM=unknown", &env, 0);
+       sudo_putenv("TERM=unknown", FALSE, FALSE);
     if (!ISSET(didvar, DID_PATH))
-       insert_env(format_env("PATH", _PATH_DEFPATH, VNULL), &env, 0);
+       sudo_setenv("PATH", _PATH_STDPATH, FALSE);
 
     /*
      * Preload a noexec file?  For a list of LD_PRELOAD-alikes, see
@@ -567,78 +785,56 @@ rebuild_env(envp, sudo_mode, noexec)
      */
     if (noexec && def_noexec_file != NULL) {
 #if defined(__darwin__) || defined(__APPLE__)
-       insert_env(format_env("DYLD_INSERT_LIBRARIES", def_noexec_file, VNULL),
-           &env, 1);
-       insert_env(format_env("DYLD_FORCE_FLAT_NAMESPACE", VNULL), &env, 1);
+       sudo_setenv("DYLD_INSERT_LIBRARIES", def_noexec_file, TRUE);
+       sudo_setenv("DYLD_FORCE_FLAT_NAMESPACE", "", TRUE);
 #else
 # if defined(__osf__) || defined(__sgi)
-       insert_env(format_env("_RLD_LIST", def_noexec_file, ":DEFAULT", VNULL),
-           &env, 1);
+       easprintf(&cp, "%s:DEFAULT", def_noexec_file);
+       sudo_setenv("_RLD_LIST", cp, TRUE);
+       efree(cp);
 # else
 #  ifdef _AIX
-       insert_env(format_env("LDR_PRELOAD", def_noexec_file, VNULL), &env, 1);
+       sudo_setenv("LDR_PRELOAD", def_noexec_file, TRUE);
 #  else
-       insert_env(format_env("LD_PRELOAD", def_noexec_file, VNULL), &env, 1);
+       sudo_setenv("LD_PRELOAD", def_noexec_file, TRUE);
 #  endif /* _AIX */
 # endif /* __osf__ || __sgi */
 #endif /* __darwin__ || __APPLE__ */
     }
 
     /* Set PS1 if SUDO_PS1 is set. */
-    if (ps1)
-       insert_env(ps1, &env, 1);
+    if (ps1 != NULL)
+       sudo_putenv(ps1, TRUE, TRUE);
 
     /* Add the SUDO_COMMAND envariable (cmnd + args). */
-    if (user_args)
-       insert_env(format_env("SUDO_COMMAND", user_cmnd, " ", user_args, VNULL),
-           &env, 1);
-    else
-       insert_env(format_env("SUDO_COMMAND", user_cmnd, VNULL), &env, 1);
+    if (user_args) {
+       easprintf(&cp, "%s %s", user_cmnd, user_args);
+       sudo_setenv("SUDO_COMMAND", cp, TRUE);
+       efree(cp);
+    } else {
+       sudo_setenv("SUDO_COMMAND", user_cmnd, TRUE);
+    }
 
     /* Add the SUDO_USER, SUDO_UID, SUDO_GID environment variables. */
-    insert_env(format_env("SUDO_USER", user_name, VNULL), &env, 1);
-    easprintf(&cp, "SUDO_UID=%lu", (unsigned long) user_uid);
-    insert_env(cp, &env, 1);
-    easprintf(&cp, "SUDO_GID=%lu", (unsigned long) user_gid);
-    insert_env(cp, &env, 1);
-
-    return(env.envp);
+    sudo_setenv("SUDO_USER", user_name, TRUE);
+    snprintf(idbuf, sizeof(idbuf), "%lu", (unsigned long) user_uid);
+    sudo_setenv("SUDO_UID", idbuf, TRUE);
+    snprintf(idbuf, sizeof(idbuf), "%lu", (unsigned long) user_gid);
+    sudo_setenv("SUDO_GID", idbuf, TRUE);
+
+    /* Free old environment. */
+    efree(old_envp);
 }
 
-char **
-insert_env_vars(envp, env_vars)
-    char **envp;
+void
+insert_env_vars(env_vars)
     struct list_member *env_vars;
 {
     struct list_member *cur;
 
-    if (env_vars == NULL)
-       return (envp);
-
-    /*
-     * Make sure we still own the environment and steal it back if not.
-     */
-    if (env.envp != envp) {
-       size_t evlen;
-       char **ep;
-
-       for (ep = envp; *ep != NULL; ep++)
-           continue;
-       evlen = ep - envp;
-       if (evlen + 1 > env.env_size) {
-           efree(env.envp);
-           env.env_size = evlen + 1 + 128;
-           env.envp = emalloc2(env.env_size, sizeof(char *));
-       }
-       memcpy(env.envp, envp, (evlen + 1) * sizeof(char *));
-       env.env_len = evlen;
-    }
-
     /* Add user-specified environment variables. */
     for (cur = env_vars; cur != NULL; cur = cur->next)
-       insert_env(cur->value, &env, 1);
-
-    return(env.envp);
+       putenv(cur->value);
 }
 
 /*
@@ -655,13 +851,12 @@ validate_env_vars(env_vars)
     size_t len, blen = 0, bsize = 0;
     int okvar;
 
+    /* Add user-specified environment variables. */
     for (var = env_vars; var != NULL; var = var->next) {
-#ifdef SECURE_PATH
-       if (!user_is_exempt() && strncmp(var->value, "PATH=", 5) == 0) {
+       if (def_secure_path && !user_is_exempt() &&
+           strncmp(var->value, "PATH=", 5) == 0) {
            okvar = FALSE;
-       } else
-#endif
-       if (def_env_reset) {
+       } else if (def_env_reset) {
            okvar = matches_env_check(var->value);
            if (okvar == -1)
                okvar = matches_env_keep(var->value);
@@ -698,6 +893,65 @@ validate_env_vars(env_vars)
     }
 }
 
+/*
+ * Read in /etc/environment ala AIX and Linux.
+ * Lines may be in either of three formats:
+ *  NAME=VALUE
+ *  NAME="VALUE"
+ *  NAME='VALUE'
+ * with an optional "export" prefix so the shell can source the file.
+ * Invalid lines, blank lines, or lines consisting solely of a comment
+ * character are skipped.
+ */
+void
+read_env_file(path, overwrite)
+    const char *path;
+    int overwrite;
+{
+    FILE *fp;
+    char *cp, *var, *val;
+    size_t var_len, val_len;
+
+    if ((fp = fopen(path, "r")) == NULL)
+       return;
+
+    while ((var = sudo_parseln(fp)) != NULL) {
+       /* Skip blank or comment lines */
+       if (*var == '\0')
+           continue;
+
+       /* Skip optional "export " */
+       if (strncmp(var, "export", 6) == 0 && isspace((unsigned char) var[6])) {
+           var += 7;
+           while (isspace((unsigned char) *var)) {
+               var++;
+           }
+       }
+
+       /* Must be of the form name=["']value['"] */
+       for (val = var; *val != '\0' && *val != '='; val++)
+           ;
+       if (var == val || *val != '=')
+           continue;
+       var_len = (size_t)(val - var);
+       val_len = strlen(++val);
+
+       /* Strip leading and trailing single/double quotes */
+       if ((val[0] == '\'' || val[0] == '\"') && val[0] == val[val_len - 1]) {
+           val[val_len - 1] = '\0';
+           val++;
+           val_len -= 2;
+       }
+
+       cp = emalloc(var_len + 1 + val_len + 1);
+       memcpy(cp, var, var_len + 1); /* includes '=' */
+       memcpy(cp + var_len + 1, val, val_len + 1); /* includes NUL */
+
+       sudo_putenv(cp, TRUE, overwrite);
+    }
+    fclose(fp);
+}
+
 void
 init_envtables()
 {