-
Notifications
You must be signed in to change notification settings - Fork 81
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add SETENV support #932
Add SETENV support #932
Conversation
79fc2cf
to
8043767
Compare
8043767
to
d18d098
Compare
d18d098
to
62ac2bb
Compare
6275390
to
fe123d2
Compare
032d90b
to
ca13518
Compare
f1dd0df
to
61a983f
Compare
611ce26
to
a5880af
Compare
Note that this implementation is slightly different from ogsudo, as indicated by the (non-)compliance test case in However, there is an exception in that
sudo-rs will not allow environment control in this case--this is more predictable/logical (it says "NOSETENV", right?) and is also the 'fail safe' condition (this will cause noticeable errors if someone relies on this behaviour in sudo-c, instead of silently granting more privileges to users than might be expected). The above line is in fact a dubious configuration in any case since the |
Note: I've asked Todd about this and he is of the opinion that the sudo-rs treatment of
is the correct one, and fixed that in sudo-project/sudo@4dbb07c So in the future sudo and sudo-rs will be compliant again. |
Closes #760
Also Closes #546, since we add parsing+warning support for things like
NOEXEC
andTIMEOUT
.This does not add support for
--preserve-env
or--preserve-env=VAR
. I think the former needs some more discussion since it is the same as disablingenv_reset
. The latter is not controversial for us but better part of a separate PR.This can be reviewed commit-by-commit if desired.