Hi Bdale, hi Joey!

I still think that the current sid version is broken: it does nothing to fix this vulnerability for similar cases (JAVA_TOOL_OPTIONS, PYTHONHOME, RUBYLIB, etc. pp) in existing installations and upgrades from stable, and for new installations it disables environment passing completely, which breaks lots of scripts and users which/who do 'VAR=value sudo foo'.

I discussed this a bit with Matt Zimmerman, Scott Remnant, and Colin Watson, and our current agreement is as follows:

* We use Joey's whitelist approach if the user has limited sudo access, since it's the only sane long-term solution and fixes the issue not only for brand new installations.

* If the user has unlimited access anyway (i.e. "ALL" commands), then we do not filter out environment variables. The user can shoot himself in the foot much easier. And e.g. for developers it does indeed make sense to set a library path to a development version in his HOME temporarily for testing something.

I would appreciate it if Debian and Ubuntu would find a common solution. What do you think about this approach?

Thanks,

Martin

-- 
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntu.com
Debian Developer http://www.debian.org

In a world without walls and fences, who needs Windows and Gates?
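
The policy proposed in the message above, as an added example that is not part of the original e-mail and is not sudo's code: it compares a blacklist with the whitelist-for-limited-users, pass-through-for-"ALL" rule on a constructed environment. The list contents, the simplified command list, the path `/usr/bin/foo` and all function names are assumptions made for the illustration.

```python
# Added illustration; not sudo's implementation. All lists are constructed.

# Hypothetical blacklist: it can only name variables someone already thought of.
BLACKLIST = {"LD_PRELOAD", "LD_LIBRARY_PATH"}
# Hypothetical whitelist: the only names a limited user may pass through.
WHITELIST = {"TERM", "LANG", "DISPLAY"}
# Interpreter-specific variables named in the message.
RISKY = {"JAVA_TOOL_OPTIONS", "PYTHONHOME", "RUBYLIB"}

# Constructed caller environment, as in 'VAR=value sudo foo'.
SAMPLE_ENV = {
    "TERM": "xterm",
    "LANG": "C",
    "VAR": "value",
    "LD_PRELOAD": "/home/dev/lib/libtest.so",
    "JAVA_TOOL_OPTIONS": "-Dexample=1",
    "PYTHONHOME": "/home/dev/py",
    "RUBYLIB": "/home/dev/ruby",
}


def has_unlimited_access(allowed_commands):
    """True if the (simplified) list of permitted commands contains "ALL"."""
    return "ALL" in allowed_commands


def blacklist_filter(env):
    """Drop only the variables that are explicitly listed as dangerous."""
    return {k: v for k, v in env.items() if k not in BLACKLIST}


def whitelist_filter(env):
    """Keep only the variables that are explicitly listed as safe."""
    return {k: v for k, v in env.items() if k in WHITELIST}


def proposed_env(env, allowed_commands):
    """Rule from the message: whitelist for limited users, no filtering for ALL."""
    if has_unlimited_access(allowed_commands):
        return dict(env)
    return whitelist_filter(env)


def leaked(filtered):
    """Names of the message's interpreter variables that survived filtering."""
    return [k for k in sorted(filtered) if k in RISKY]
```

For a limited user the whitelist removes the interpreter variables that the blacklist lets through, at the cost of also dropping `VAR`; for a user with "ALL" the environment is passed unchanged.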