** Changed in: sudo (Ubuntu) Importance: Critical => Medium -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to sudo in Ubuntu. https://bugs.launchpad.net/bugs/1373495
Title: sudo shouldn't preserve caller's HOME environment variable by default Status in One Hundred Papercuts: Triaged Status in sudo package in Ubuntu: Triaged Bug description: Currently Ubuntu hard-coded sudo to preserve HOME environment variable to point to sudo caller's home directory by default(refer bug #760140) however this is dangerous and error-prone because the program run by root may create files (e.g. $HOME/.Xauthority , program config files) into caller's HOME directory **AS ROOT** which, will cause issue when users run the same program as their normal users' account again and even make the user failed to login(due to .Xauthority file owner is incorrect) In my opinion the Ubuntu patch(keep_home_by_default.patch)(no, Debian is NOT affected by this issue) that makes $HOME variable keep in sudo is INSANE and should be reverted(Ubuntu should use the safest configuration to general users by default), any user wish to run command as root using their HOME directory should set env_keep in /etc/sudoers themselves and acknowledging the consequences. [RootSudo - Community Help Wiki](https://help.ubuntu.com/community/RootSudo) wrongly tells that graphical application shouldn't be launched by sudo, but in fact the real issue falls into this bug. ProblemType: Bug DistroRelease: Ubuntu 14.04 Package: sudo 1.8.9p5-1ubuntu1 ProcVersionSignature: Ubuntu 3.16.0-17.23-lowlatency 3.16.3 Uname: Linux 3.16.0-17-lowlatency i686 ApportVersion: 2.14.1-0ubuntu3.4 Architecture: i386 CurrentDesktop: KDE Date: Thu Sep 25 00:08:44 2014 InstallationDate: Installed on 2013-03-08 (564 days ago) InstallationMedia: Ubuntu 12.10 "Quantal Quetzal" - Release i386 (20121017.2) SourcePackage: sudo UpgradeStatus: Upgraded to trusty on 2014-04-19 (158 days ago) VisudoCheck: /etc/sudoers: parsed OK /etc/sudoers.d/Preserve_input_method_required_environmental_variables: parsed OK /etc/sudoers.d/README: parsed OK modified.conffile..etc.sudoers.d.README: [modified] mtime.conffile..etc.sudoers.d.README: 2014-09-24T22:26:35.734703 To manage notifications about this bug go to: https://bugs.launchpad.net/hundredpapercuts/+bug/1373495/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
