
Re: ${HOME} vs. g_get_home_dir ()



On 27/09/12 22:53, Josselin Mouette wrote:
> On Thursday, 27 September 2012 at 14:39 -0700, Josh Triplett wrote:
>> "sudo foo" leaves $HOME set to the user's
>> home directory rather than root
> 
> This is a bug in sudo. There can be very dangerous things in $HOME

It's configurable, because each of you can be right in different
situations. I think the Debian default is to clear the environment
(except for a few whitelisted variables like LANG).

If only root-equivalent ("admin") users are allowed to sudo (as seen in
an out-of-the-box Ubuntu installation, or Debian when a user is in the
sudo group), then escalating privileges is a non-issue. In this case,
Josh's version is OK: passing environment variables through doesn't let
the user do anything they couldn't do already.

If certain users are granted sudo access to certain commands but are not
otherwise root-equivalent, then Josselin is right that it's not
generally safe to pass environment variables through: it's likely that
they can subvert those commands by careful choice of environment variables.

    S
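
Added example, not part of the original message and not sudo's own code: a small Python audit that applies the two cases above to a sudoers policy, reporting only rules that grant specific commands (not ALL) while the caller can still influence the environment. The sample policies, the user "backup", the command path and the RISKY list are constructed for illustration; only global Defaults lines and simple one-line rules are handled.

```python
import re

# Constructed sample policies (not from the thread). Both grant full sudo to
# the %sudo group and a single command to the hypothetical user "backup".
WEAK = """\
Defaults !env_reset
%sudo   ALL=(ALL:ALL) ALL
backup  ALL=(root) /usr/local/bin/run-backup
"""
STRICT = """\
Defaults env_reset, always_set_home
Defaults env_keep += "LANG LC_ALL"
%sudo   ALL=(ALL:ALL) ALL
backup  ALL=(root) /usr/local/bin/run-backup
"""
# Illustrative, non-exhaustive list of variables that change what a command loads.
RISKY = {"HOME", "PATH", "LD_LIBRARY_PATH", "PYTHONPATH"}
RULE = re.compile(r"^(\S+)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?(.*)$")

def audit(text):
    """List restricted (non-ALL) rules whose caller can still shape the environment."""
    reset, setenv, kept, rules = True, False, set(), []   # env_reset is on by default
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("#") or line.split()[0].endswith("_Alias"):
            continue
        if line.split()[0] == "Defaults":                 # global Defaults only
            reset = reset and not re.search(r"!\s*env_reset\b", line)
            setenv = setenv or bool(re.search(r"(?<![!\w])setenv\b", line))
            m = re.search(r'env_keep\s*\+?=\s*"?([^",]*)', line)
            kept |= set(m.group(1).split()) if m else set()
        elif (m := RULE.match(line)):
            tags = set(re.findall(r"\b([A-Z_]+):", m.group(2)))
            cmds = [c.strip() for c in re.sub(r"\b[A-Z_]+:\s*", "", m.group(2)).split(",")]
            rules.append((m.group(1), tags, cmds))
    findings = []
    for who, tags, cmds in rules:
        if "ALL" in cmds:        # root-equivalent: environment adds no new power
            continue
        why = [r for r, hit in (("env_reset disabled", not reset),
                                ("setenv allowed", setenv or "SETENV" in tags),
                                ("env_keep passes " + ",".join(sorted(kept & RISKY)), bool(kept & RISKY)))
               if hit]
        if why:
            findings.append((who, cmds, why))
    return findings

if __name__ == "__main__":
    for name, policy in (("WEAK", WEAK), ("STRICT", STRICT)):
        print(name, audit(policy) or "no findings")
```

The %sudo rule is never reported, even under WEAK, because it is the root-equivalent case where passing the environment through grants nothing new.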

