I have just committed sudo 1.6.9p1 to the OpenBSD tree.  If you use
sudo for ports builds this will affect you.

The biggest change in 1.6.9p1 that will affect folks is the environment
handling.  Previously, sudo would pass the existing environment
through to the command to be run after pruning out some variables
that were potentially dangerous.  Unfortunately, "potentially
dangerous" is a more or less infinite set these days.  As a result,
the default in 1.6.9p1 is to reset the environment to a small default
with only certain variables preserved from the previous environment.

This is totally configurable in sudoers and there are several
ways to deal with it.

1) Change the default back to the way it was with a line like:
        Defaults !env_reset
   in sudoers.

2) Add the variables you need to have preserved to the env_keep
   list.  E.g.
        Defaults env_keep += "DESTDIR RELEASEDIR FLAVOR"

3) Use the SETENV tag on commands or the setenv Defaults options.
   E.g.
        %wheel ALL = (ALL) SETENV: ALL

   then use "sudo -E" when you need to preserve the environment or
   specify the variables on the command line using sudo:
        $ sudo DESTDIR=/home/dst RELEASEDIR=/home/rel make release

The default sudoers file will have a commented out entry for the
wheel group like #3.

I've been using sudo with the environment resetting myself for two
years now and several of the Linux distributions make this the
default as well so it shouldn't be a huge deal.

 - todd
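
An added example, not part of the original message and not code from sudo: a small Python audit that reads sudoers text and reports the three relaxations listed above ("!env_reset", additions to env_keep, and SETENV/setenv). The function names and the sample sudoers text are constructed for illustration, and the parser covers only these settings, not the full sudoers grammar.

```python
import re

# Constructed sample input, not taken from any real system.
SAMPLE = '''# sample sudoers
Defaults env_reset
Defaults env_keep += "DESTDIR RELEASEDIR \\
    FLAVOR"
Defaults:builder !env_reset
# %wheel ALL = (ALL) SETENV: ALL
%wheel ALL = (ALL) SETENV: ALL
operator ALL = (root) NOSETENV: /sbin/shutdown
'''

# One Defaults setting: optional "!", a name, optionally an operator and value.
SETTING = re.compile(r'(!?)\s*(\w+)\s*(?:([+-]?=)\s*("[^"]*"|[^,\s]+))?')
DEFAULTS = re.compile(r'^Defaults\S*\s+(.*)$')
# SETENV as a tag of its own, not the tail of a longer tag name.
SETENV_TAG = re.compile(r'(?<![A-Z])SETENV\s*:')

def logical_lines(text):
    """Yield (first_line_number, line) with backslash continuations joined."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        start = start or no
        if raw.endswith("\\"):
            buf += raw[:-1] + " "
            continue
        yield start, (buf + raw).strip()
        buf, start = "", None

def audit_sudoers(text):
    """Return (line, kind, variables) for each setting that relaxes env_reset."""
    findings = []
    for no, line in logical_lines(text):
        if not line or line.startswith("#"):  # comments (and #include) skipped
            continue
        m = DEFAULTS.match(line)
        if m:
            for neg, name, op, val in SETTING.findall(m.group(1)):
                if name == "env_reset" and neg:
                    findings.append((no, "env_reset disabled", []))
                elif name == "env_keep" and op in ("=", "+="):
                    findings.append((no, "env_keep", val.strip('"').split()))
                elif name == "setenv" and not neg:
                    findings.append((no, "setenv enabled", []))
        elif SETENV_TAG.search(line):
            findings.append((no, "SETENV tag", []))
    return findings
```

Calling audit_sudoers() on the contents of a sudoers file gives one tuple per relaxation, with the line number where the entry starts.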
