[EMAIL PROTECTED] wrote:
On Fri, Jan 20, 2006 at 08:02:33AM -0600, Hugo Vanwoerkom wrote:
Hi,
I just did a security upgrade with Sarge and got installed
sudo_1.6.8p7-1.3_i386.deb. But when I use sudo to get to synaptic I get:
(synaptic:25937): Gtk-WARNING **: cannot open display:
When I then reinstalled the previous version:
sudo_1.6.8p7-1.2_i386.deb
The problem goes away.
This paragraph was in the security announcement posted to
debian-security-announce list:
------------ begin excerpt -----------
This update alters the former behaviour of sudo and limits the number
of supported environment variables to LC_*, LANG, LANGUAGE and TERM.
Additional variables are only passed through when set as env_check in
/etc/sudoers, which might be required for some scripts to continue to
work.
------------- end excerpt ------------
Maybe you need to do something with the DISPLAY variable in /etc/sudoers.
This is just a guess, however.
Thanks! And a good guess. But what?
Right now sudoers contains:
Cmnd_Alias DD = /usr/sbin/synaptic
And this is in the sudoers manpage:
Lists that can be used in a boolean context:
...
env_check
Environment variables to be removed from the user's environment if
the variable's value contains %
or /
characters. This can be used to guard against printf-style format
vulnerabilities in poorly-written programs. The argument may be a
double-quoted, space-separated list or a single value without
double-quotes. The list can be replaced, added to, deleted from, or
disabled by using the =
, +=
, -=
, and !
operators respectively. The default list of environment variables
to check is printed when sudo is run by root with the -V option.
...
Sounds like Greek to me. Can anybody tell me what in fact one should
specify in sudoers?
Thanks!
H
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
