I think the Ubuntu patch has been obsoleted by common usage now, with
pretty much all distros using upstream version (of *not* keeping HOME).
Removing the patch would lower the delta we carry; additionally there is
the benefit of having Ubuntu behave as everybody else, lowering the
easter-egg count of weird differences between distros.
Given 19.04 has been released, we should remove for u+1. This will give
us enough time to find out and clean unsafe usage (if any).
Setting Confirmed/Medium.
** Changed in: sudo (Ubuntu)
Importance: Undecided => Medium
** Changed in: sudo (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1556302
Title:
Ubuntu patch to add HOME to env_keep makes custom commands vulnerable
by default
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1556302/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
