For additional clarification: As mentioned already, the Ubuntu patch diverges from upstream sudo.
Additionally, here is what other Linux distros do:

ddstreet@debian:~$ printenv | grep HOME
HOME=/home/ddstreet
ddstreet@debian:~$ sudo printenv | grep HOME
HOME=/root

[ddstreet@fedora-workstation ~]$ printenv | grep '^HOME'
HOME=/home/ddstreet
[ddstreet@fedora-workstation ~]$ sudo printenv | grep '^HOME'
HOME=/root

[ddstreet@fedora-server ~]$ printenv | grep '^HOME'
HOME=/home/ddstreet
[ddstreet@fedora-server ~]$ sudo printenv | grep '^HOME'
HOME=/root

[ddstreet@rhel-8 ~]$ printenv | grep HOME
HOME=/home/ddstreet
[ddstreet@rhel-8 ~]$ sudo printenv | grep HOME
HOME=/root

ddstreet@opensuse-15:~> printenv | grep HOME
HOME=/home/ddstreet
ddstreet@opensuse-15:~> sudo printenv | grep HOME
HOME=/root

ddstreet@sles-15:~> printenv | grep HOME
HOME=/home/ddstreet
ddstreet@sles-15:~> sudo printenv | grep HOME
HOME=/root

ddstreet@slackware:~$ printenv | grep HOME
HOME=/home/ddstreet
ddstreet@slackware:~$ sudo printenv | grep HOME
HOME=/root

And even other UNIXes:

ddstreet@netbsd-8: $ printenv | grep HOME
HOME=/home/ddstreet
ddstreet@netbsd-8: $ sudo printenv | grep HOME
HOME=/root

ddstreet@freebsd-12: $ printenv | grep HOME
HOME=/home/ddstreet
ddstreet@freebsd-12: $ sudo printenv | grep HOME
HOME=/root

openbsd$ printenv | grep HOME
HOME=/home/ddstreet
openbsd$ sudo printenv | grep HOME
HOME=/root

We appear to be completely alone in adding HOME to env_keep by default.

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1556302

Title:
  Ubuntu patch to add HOME to env_keep makes custom commands vulnerable by default
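Added example, not part of the original bug comment and not sudo's own code: a small audit helper that evaluates global sudoers `Defaults` lines to decide whether a plain `sudo cmd` keeps the caller's HOME, following the documented sudoers rule that HOME is reset to the target user's home unless `env_reset` is off or HOME is in `env_keep`, and that `always_set_home` overrides both. The function name, the `builtin_keep` parameter (used here to model a compiled-in default such as the Ubuntu patch) and the sample sudoers text are assumptions made for illustration; scoped `Defaults`, wildcards, line continuations and includes are not handled.

```python
import re

# One setting inside a Defaults line: [!]name [op value]
SETTING = re.compile(r'(!?)(\w+)\s*(?:(\+=|-=|=)\s*("[^"]*"|[^,\s]+))?')


def home_survives_sudo(sudoers_text, builtin_keep=()):
    """Return True if a plain `sudo cmd` would keep the invoking user's HOME.

    builtin_keep is a hypothetical stand-in for the compiled-in env_keep
    default, e.g. ("HOME",) to model a build that keeps HOME by default.
    """
    keep = set(builtin_keep)
    env_reset, always_set_home = True, False  # sudoers defaults
    for raw in sudoers_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"Defaults\s+(.*)", line)
        if not m:
            continue  # rules and scoped Defaults (Defaults:user, ...) are skipped
        for bang, name, op, val in SETTING.findall(m.group(1)):
            names = set(val.strip('"').split())
            if name == "env_keep":
                if bang or op == "=":
                    keep = set() if bang else names  # !env_keep clears the list
                elif op == "+=":
                    keep |= names
                elif op == "-=":
                    keep -= names
            elif name == "env_reset":
                env_reset = not bang
            elif name == "always_set_home":
                always_set_home = not bang
    return (not env_reset or "HOME" in keep) and not always_set_home


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real system.
    stock = "Defaults env_reset\n"
    print("HOME in built-in env_keep:", home_survives_sudo(stock, ("HOME",)))
    print("upstream default:         ", home_survives_sudo(stock))
    for fix in ('Defaults env_keep -= "HOME"', "Defaults always_set_home"):
        print(f"{fix!r} applied:", home_survives_sudo(stock + fix, ("HOME",)))
```

On a live system the direct check is the one used in the comment above: compare `printenv HOME` with `sudo printenv HOME`.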