On Tue, 2006-02-07 at 10:22 +0100, Karel Zak wrote:
Hi,
I'd like to enable the env_reset option in the sudoers config file by default in FC5:
Defaults    env_reset
Defaults    env_keep = "COLORS DISPLAY EDITOR HOSTNAME HISTSIZE INPUTRC KDEDIR \
                        LESSOPEN LS_COLORS MAIL PS1 PS2 QTDIR SSH_ASKPASS USERNAME \
                        LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION \
                        LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC \
                        LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS \
                        _XKB_CHARSET"
Note: maybe all envs with a path to something executable should be removed from the list (it means LESSOPEN, SSH_ASKPASS and EDITOR).
You'll be making my day if you do this, Karel.
I would suggest starting with a minimal env_keep whitelist. We can always expand it, and as long as there is a release note about it, it will only surprise the people who don't read the release notes. We can expand it in the future as needed.
Thanks.
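
An added example, not part of the original thread and not sudo's own code: a small Python audit that resolves the effective global env_keep list from sudoers Defaults lines and reports the kept variables that the note above singles out as naming an executable. The function name, the constructed sample fragment, the one-setting-per-line handling and treating env_reset as off unless set are assumptions of this example.

```python
import re

# Variables the thread's note flags because their value names a program that
# another tool will run (set taken from that note).
EXEC_PATH_VARS = {"LESSOPEN", "SSH_ASKPASS", "EDITOR"}

# Constructed sample: a shortened form of the proposed defaults plus two edits.
SAMPLE = r'''
# constructed sudoers fragment
Defaults    env_reset
Defaults    env_keep = "COLORS DISPLAY EDITOR HOSTNAME \
                        LESSOPEN MAIL SSH_ASKPASS USERNAME"
Defaults    env_keep += "PS1 PS2"
Defaults    env_keep -= "MAIL"
'''

DEFAULTS_RE = re.compile(r'^Defaults\s+(!?)(\w+)\s*(?:(\+=|-=|=)\s*(.*))?$')

def audit_sudoers(text):
    """Return (env_reset, kept, risky) from global Defaults lines.

    Assumes one setting per Defaults line; scoped forms such as
    Defaults:user or Defaults@host are ignored.
    """
    text = re.sub(r'\\[ \t]*\n', ' ', text)   # join continued lines
    env_reset, kept = False, []               # assumption: off unless set
    for raw in text.splitlines():
        m = DEFAULTS_RE.match(raw.strip())
        if not m:
            continue                           # comments, rules, blank lines
        neg, name, op, value = m.groups()
        names = (value or '').strip().strip('"').split()
        if name == 'env_reset':
            env_reset = not neg
        elif name == 'env_keep':
            if neg:
                kept = []                      # !env_keep clears the list
            elif op == '=':
                kept = list(dict.fromkeys(names))
            elif op == '+=':
                kept += [n for n in names if n not in kept]
            elif op == '-=':
                kept = [n for n in kept if n not in names]
    risky = [n for n in kept if n in EXEC_PATH_VARS]
    return env_reset, kept, risky

if __name__ == '__main__':
    reset, kept, risky = audit_sudoers(SAMPLE)
    print('env_reset:', reset)
    print('kept:', ' '.join(kept))
    print('review (value names a program):', ' '.join(risky))
```
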