sudo env_reset in FC5
Josh Bressers
bressers at redhat.com
Tue Feb 7 12:47:06 UTC 2006
> On Tue, 2006-02-07 at 10:22 +0100, Karel Zak wrote:
> > Hi,
> >
> > I'd like to enable the env_reset option in the sudoers config file by
> > default in FC5:
> >
> >
> > Defaults env_reset
> > Defaults env_keep = "COLORS DISPLAY EDITOR HOSTNAME HISTSIZE INPUTRC KDEDIR \
> > LESSOPEN LS_COLORS MAIL PS1 PS2 QTDIR SSH_ASKPASS USERNAME \
> > LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION \
> > LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC \
> > LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS \
> > _XKB_CHARSET"
> >
>
> Note: maybe all envs with a path to something executable should be
> removed from the list (it means LESSOPEN, SSH_ASKPASS and EDITOR).
You'll be making my day if you do this, Karel.
I would suggest starting with a minimal env_keep whitelist. We can always
expand it, and as long as there is a release note about it, it will only
surprise the people who don't read the release notes. We can expand it in
the future as needed.
Thanks.
--
JB
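
An added example, not part of the original message or of sudo itself: a small Python audit that reads global `Defaults` lines, resolves `env_keep` (`=`, `+=`, `-=`, backslash continuations) and reports which kept variables are among the three the thread names as pointing to something executable. The name `audit_sudoers` is hypothetical, the sample text is the list proposed in the quoted message, and scoped `Defaults:user` / `Defaults@host` entries are assumed out of scope.

```python
import re

# The three variables the thread names as holding a path to something executable.
EXEC_PATH_VARS = {"LESSOPEN", "SSH_ASKPASS", "EDITOR"}

# Sample input: the Defaults lines proposed in the quoted message.
SAMPLE_SUDOERS = r'''
Defaults env_reset
Defaults env_keep = "COLORS DISPLAY EDITOR HOSTNAME HISTSIZE INPUTRC KDEDIR \
    LESSOPEN LS_COLORS MAIL PS1 PS2 QTDIR SSH_ASKPASS USERNAME \
    LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION \
    LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC \
    LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS \
    _XKB_CHARSET"
'''

DEFAULTS_RE = re.compile(r'^Defaults\s+(.*)$')
ENV_RESET_RE = re.compile(r'(!?)\benv_reset\b')
ENV_KEEP_RE = re.compile(r'\benv_keep\s*(\+=|-=|=)\s*(?:"([^"]*)"|([^\s,"]+))')


def audit_sudoers(text):
    """Return (env_reset_on, kept_vars, flagged_vars) for global Defaults lines."""
    joined = text.replace("\\\n", " ")  # fold backslash-continued lines
    env_reset_on, kept = False, []
    for raw in joined.splitlines():
        m = DEFAULTS_RE.match(raw.strip())
        if not m:
            continue  # comments, aliases, user specs, scoped Defaults
        rest = m.group(1)
        for flag in ENV_RESET_RE.finditer(rest):
            env_reset_on = not flag.group(1)  # "!env_reset" switches it off
        for op, quoted, bare in ENV_KEEP_RE.findall(rest):
            names = (quoted or bare).split()
            if op == "=":       # replace the list
                kept = list(names)
            elif op == "+=":    # append, skipping duplicates
                kept += [n for n in names if n not in kept]
            else:               # "-=" removes entries
                kept = [n for n in kept if n not in names]
    flagged = sorted(set(kept) & EXEC_PATH_VARS)
    return env_reset_on, kept, flagged


if __name__ == "__main__":
    on, kept, flagged = audit_sudoers(SAMPLE_SUDOERS)
    print(f"env_reset={on} kept={len(kept)} executable-path vars kept: {flagged}")
```

Run against the proposed list, it flags the same three variables the quoted note suggests removing.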