Jan Engelhardt wrote:
What options? Can you name the patch? The config file lines that cause this? The command line argument? No?
--- Yes: It's documented in the sudoers file: ## ## Defaults specification ## ## Prevent environment variables from influencing programs in an ## unexpected or harmful way (CVE-2005-2959, CVE-2005-4158, CVE-2006-0151) Sources for 12.1 show: README.SUSE sudo-grp-include.patch sudo-1.8.2-CVE-2012-0809.patch sudo-sudoers.patch sudo-1.8.2-CVE-2012-2337.patch sudo.pamd sudo-1.8.2-ldap_search_escape.patch sudoers2ldif-env.patch sudo-1.8.2.tar.gz --- In sudo v 1.8.5: you can see all the sudoer changes: -## You may wish to keep some of the following environment variables -## when running commands via sudo. -## -## Locale settings -# Defaults env_keep += "LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET" -## -## Run X applications through sudo; HOME is used to find the -## .Xauthority file. Note that other programs use HOME to find -## configuration files and this may lead to privilege escalation! -# Defaults env_keep += "HOME" -## -## X11 resource path settings -# Defaults env_keep += "XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH" -## -## Desktop path settings -# Defaults env_keep += "QTDIR KDEDIR" -## -## Allow sudo-run commands to inherit the callers' ConsoleKit session -# Defaults env_keep += "XDG_SESSION_COOKIE" -## -## Uncomment to enable special input methods. Care should be taken as -## this may allow users to subvert the command being run via sudo. -# Defaults env_keep += "XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER" +## Prevent environment variables from influencing programs in an +## unexpected or harmful way (CVE-2005-2959, CVE-2005-4158, CVE-2006-0151) +Defaults always_set_home +Defaults env_reset +## Change env_reset to !env_reset in previous line to keep all environment variables +## Following list will no longer be necessary after this change + +Defaults env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE" Defaults were to keep the environment -- suse changes that. Any other questions you need answered that I can pull from the src rpms? -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org