https://bugzilla.novell.com/show_bug.cgi?id=145687#c16
Marcus Meissner changed:

What          | Removed               | Added
----------------------------------------------------------------------------
Status        | NEEDINFO              | NEW
Info Provider | security-team@suse.de |

--- Comment #16 from Marcus Meissner 2007-08-20 02:38:50 MST ---
While Ludwig only showed up briefly today, he had the following statement
(I hope I have it correct).

Allowing unprotected/unchecked PATH or other environment variables by
default makes holes in sudo, because there are then ways to break out
of the predefined applications, allowing the user to become root.

The various sudo security updates we did over time were all about "interesting"
environment variables being passed, which could be used to do such an escape.

For local use, you can use env_keep I guess.
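
As an added example (not part of the bug comment and not sudo's own code): a small Python check that scans sudoers `Defaults` lines for settings that let caller-controlled variables such as PATH reach the command sudo runs. The risky-variable list, the function name and the sample sudoers text are constructed for illustration.

```python
import re
from fnmatch import fnmatchcase

# Variables that influence which code a privileged command loads or runs.
# Illustrative list assembled for this example; it is not sudo's built-in list.
RISKY = ("PATH", "LD_PRELOAD", "LD_LIBRARY_PATH", "PYTHONPATH",
         "PERL5LIB", "RUBYLIB", "IFS", "BASH_ENV", "ENV")

DEFAULTS = re.compile(r"^\s*(Defaults\S*)\s+(.*)$")
SETTING = re.compile(r'(?:[^,"]|"[^"]*")+')   # comma-separated, quoted values kept whole
ENV_KEEP = re.compile(r'^env_keep\s*\+?=\s*"?([^"]*)"?\s*$')

# Constructed sample input, not taken from any real system.
SAMPLE = '''\
Defaults env_reset
Defaults env_keep += "DISPLAY LANG PATH"
Defaults:alice env_keep += "LD_*"
Defaults:bob !env_reset
alice ALL = (root) /usr/bin/backup
'''

def audit_sudoers(text):
    """Return (scope, issue) pairs for Defaults settings that pass
    caller-controlled environment variables through to the command."""
    findings = []
    text = text.replace("\\\n", " ")          # join continuation lines
    for line in text.splitlines():
        m = DEFAULTS.match(line)
        if not m:
            continue                           # user specs, aliases, comments
        scope, rest = m.groups()
        for setting in (s.strip() for s in SETTING.findall(rest)):
            if setting == "!env_reset":
                findings.append((scope, "env_reset disabled"))
            elif setting == "setenv":
                findings.append((scope, "setenv allows sudo -E"))
            elif (keep := ENV_KEEP.match(setting)):
                for entry in keep.group(1).split():
                    pattern = entry.split("=", 1)[0]   # entries may be VAR or VAR=value
                    # env_keep entries may contain wildcards, so match as a glob
                    if any(fnmatchcase(var, pattern) for var in RISKY):
                        findings.append((scope, f"env_keep passes {pattern}"))
    return findings

if __name__ == "__main__":
    for scope, issue in audit_sudoers(SAMPLE):
        print(f"{scope}: {issue}")
```
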