I think the Ubuntu patch has been obsoleted by common usage now, with pretty much all distros using upstream version (of *not* keeping HOME).
Removing the patch would lower the delta we carry; additionally there is the benefit of having Ubuntu behave as everybody else, lowering the easter-egg count of weird differences between distros. Given 19.04 has been released, we should remove for u+1. This will give us enough time to find out and clean unsafe usage (if any). Setting Confirmed/Medium. ** Changed in: sudo (Ubuntu) Importance: Undecided => Medium ** Changed in: sudo (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1556302 Title: Ubuntu patch to add HOME to env_keep makes custom commands vulnerable by default To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1556302/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs