I think the Ubuntu patch has been obsoleted by common usage now, with
pretty much all distros using upstream version (of *not* keeping HOME).

Removing the patch would lower the delta we carry; additionally there is
the benefit of having Ubuntu behave as everybody else, lowering the
easter-egg count of weird differences between distros.

Given 19.04 has been released, we should remove for u+1. This will give
us enough time to find out and clean unsafe usage (if any).

Setting Confirmed/Medium.

** Changed in: sudo (Ubuntu)
   Importance: Undecided => Medium

** Changed in: sudo (Ubuntu)
       Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1556302

Title:
  Ubuntu patch to add HOME to env_keep makes custom commands vulnerable
  by default

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1556302/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to