Re: Removal of upstart integration
]] Ian Jackson
> However, I think that such arrangements are already made. The
> majority of people use "sudo", which AIUI already launders the
> environment.
That depends.
If you do sudo -i you get a mostly clean env:
$ sudo -i env
LANG=nb_NO.UTF-8
TZ=CET
SUDO_GID=1000
DISPLAY=:0
HOSTNAME=xoog.err.no
COLORTERM=truecolor
USERNAME=
SUDO_COMMAND=/bin/bash -c env
S_COLORS=auto
USER=root
ENV=/root/.bashrc
PWD=/root
HOME=/root
SUDO_USER=tfheen
SUDO_UID=1000
MAIL=/var/mail/root
SHELL=/bin/bash
TERM=xterm-256color
SHLVL=1
LANGUAGE=nb_NO:nb:no_NO:no:nn_NO:nn:en
LOGNAME=root
XAUTHORITY=/home/tfheen/.Xauthority
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
_=/usr/bin/env
So some bits are leaking, compare to:
$ sudo su - -c env
LANG=nb_NO.UTF-8
DISPLAY=:0
COLORTERM=truecolor
USERNAME=
S_COLORS=auto
USER=root
ENV=/root/.bashrc
PWD=/root
HOME=/root
MAIL=/var/mail/root
SHELL=/bin/bash
TERM=xterm-256color
SHLVL=1
LANGUAGE=nb_NO:nb:no_NO:no:nn_NO:nn:en
LOGNAME=root
XAUTHORITY=/home/tfheen/.Xauthority
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
_=/usr/bin/env
so even su leaks DISPLAY/XAUTHORITY. sudo -i leaks TZ, HOSTNAME and
adds some SUDO_* settings.
However, if you just do the IMO more common sudo $command, you get a lot
more:
$ sudo env | wc -l
87
It does clean up PATH, but it does not filter out my normal settings, so
say, LESS and LESSOPEN leak through to dpkg.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
Reply to: