Hi,

The '/etc/sudoers' now has this paragraph:

    # prevent environment variables from influencing programs in an
    # unexpected or harmful way (CVE-2005-2959, CVE-2005-4158,
    # CVE-2006-0151)
    Defaults always_set_home
    Defaults env_reset

The 'env_reset' does this (man sudoers):

    env_reset   If set, sudo will reset the environment to only contain
                the following variables: HOME, LOGNAME, PATH, SHELL,
                TERM, and USER (in addition to the SUDO_* variables).
                Of these, only TERM is copied unaltered from the old
                environment. The other variables are set to default
                values (possibly modified by the value of the
                set_logname option). If sudo was compiled with the
                SECURE_PATH option, its value will be used for the PATH
                environment variable. Other variables may be preserved
                with the env_keep option.

How insecure is this setting? I mean, how insecure would removing it be? It erases variables that I need, like "EDITOR".

I have solved my problem using this in the sudoers file:

    Defaults env_keep=EDITOR

But I will have to define more variables - and precisely that "editor" one, being a command, is one of those they consider dangerous, I guess.

-- 
Cheers,
       Carlos Robinson
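As an added example that is not part of the original post: a small Python check that reads sudoers `Defaults` lines and reports where `env_reset` is switched off or where `env_keep` passes through a variable that names a program, such as EDITOR. The watch list, the user `carlos` and the host `buildhost` are assumptions of this example, and the sample file is constructed around the settings quoted above.

```python
import re

# Assumption of this example (not sudo's own list): variables that name a
# program to run or change how programs are found and loaded.
WATCHED = re.compile(r"^(EDITOR|VISUAL|PAGER|PATH|IFS|ENV|BASH_ENV|LD_.*|PYTHON.*|PERL5?LIB)$")

# "Defaults", an optional scope (:user, @host, >runas, !command), then settings.
DEFAULTS = re.compile(r"^Defaults(?P<scope>[:@>!]\S+)?\s+(?P<body>.+)$")
ENV_KEEP = re.compile(r'env_keep\s*(?P<op>\+=|-=|=)\s*(?P<val>"[^"]*"|[^\s,]+)')


def audit(sudoers_text):
    """Return (line_number, finding) pairs for environment-related Defaults."""
    findings = []
    for lineno, raw in enumerate(sudoers_text.splitlines(), start=1):
        m = DEFAULTS.match(raw.strip())
        if not m:
            continue  # comments, rules and aliases are out of scope here
        scope = m.group("scope") or "all commands and users"
        body = m.group("body")
        if re.search(r"!\s*env_reset\b", body):
            findings.append((lineno, f"env_reset disabled for {scope}"))
        for keep in ENV_KEEP.finditer(body):
            if keep.group("op") == "-=":
                continue  # this removes a variable from the keep list
            names = keep.group("val").strip('"').split()
            if keep.group("op") == "=":
                findings.append((lineno, "env_keep '=' replaces the keep list; '+=' appends"))
            for name in names:
                if WATCHED.match(name):
                    findings.append((lineno, f"{name} kept for {scope}"))
    return findings


# Constructed sample, built around the settings quoted in the post.
SAMPLE = '''\
# prevent environment variables from influencing programs
Defaults always_set_home
Defaults env_reset
Defaults env_keep=EDITOR
Defaults:carlos env_keep += "LANG VISUAL"
Defaults@buildhost !env_reset
'''

if __name__ == "__main__":
    for lineno, finding in audit(SAMPLE):
        print(f"line {lineno}: {finding}")
```

The check reads only the text it is given; it does not follow include directives or backslash line continuations.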