summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--WHATSNEW4
-rw-r--r--aclocal.m435
-rw-r--r--config.h.in3
-rwxr-xr-xconfigure64
-rw-r--r--configure.in1
-rw-r--r--doc/sudo.cat40
-rw-r--r--doc/sudo.man.in7
-rw-r--r--doc/sudo.pod5
-rw-r--r--doc/sudoers.cat70
-rw-r--r--doc/sudoers.man.in14
-rw-r--r--doc/sudoers.pod12
-rw-r--r--pathnames.h.in4
-rw-r--r--plugins/sudoers/env.c21
13 files changed, 208 insertions, 72 deletions
diff --git a/WHATSNEW b/WHATSNEW
index 7ad33ed2e..38e16b463 100644
--- a/WHATSNEW
+++ b/WHATSNEW
@@ -42,6 +42,10 @@ What's new in Sudo 1.7.4?
more than 32 descriptors on SuSE Linux, where sysconf(_SC_CHILD_MAX)
will return -1 when RLIMIT_NPROC is set to RLIMIT_UNLIMITED (-1).
+ * If env_reset is enabled in sudoers (the default), sudo will now set
+ the MAIL environment variable based on the target user unless MAIL is
+ explicitly preserved in sudoers. Previously MAIL was passed unchanged.
+
What's new in Sudo 1.7.3?
* Support for logging I/O for the command being run.
diff --git a/aclocal.m4 b/aclocal.m4
index ebb654cd5..017c07531 100644
--- a/aclocal.m4
+++ b/aclocal.m4
@@ -109,7 +109,7 @@ if test -z "$timedir"; then
for d in /var/db /var/lib /var/adm /usr/adm; do
if test -d "$d"; then
timedir="$d/sudo"
- break;
+ break
fi
done
fi
@@ -328,6 +328,39 @@ AC_DEFUN(SUDO_APPEND_LIBPATH, [
])
dnl
+dnl Determine the mail spool location
+dnl NOTE: must be run *after* check for paths.h
+dnl
+AC_DEFUN(SUDO_MAILDIR, [
+maildir=no
+if test X"$ac_cv_header_paths_h" = X"yes"; then
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([AC_INCLUDES_DEFAULT
+#include <paths.h>
+int main() {char *p = _PATH_MAILDIR;}], [])], [maildir=yes], [])
+fi
+if test $maildir = no; then
+ # Solaris has maillock.h which defines MAILDIR
+ AC_CHECK_HEADERS(maillock.h, [
+ SUDO_DEFINE(_PATH_MAILDIR, MAILDIR)
+ maildir=yes
+ ])
+ if test $maildir = no; then
+ for d in /var/mail /var/spool/mail /usr/spool/mail; do
+ if test -d "$d"; then
+ maildir=yes
+ SUDO_DEFINE_UNQUOTED(_PATH_MAILDIR, "$d")
+ break
+ fi
+ done
+ if test $maildir = no; then
+ # unable to find mail dir, hope for the best
+ SUDO_DEFINE_UNQUOTED(_PATH_MAILDIR, "/var/mail")
+ fi
+ fi
+fi
+])
+
+dnl
dnl private versions of AC_DEFINE and AC_DEFINE_UNQUOTED that don't support
dnl tracing that we use to define paths for pathnames.h so autoheader doesn't
dnl put them in config.h.in. An awful hack.
diff --git a/config.h.in b/config.h.in
index ce43f925a..8e2ed6eb3 100644
--- a/config.h.in
+++ b/config.h.in
@@ -316,6 +316,9 @@
/* Define to 1 if you have the `lrand48' function. */
#undef HAVE_LRAND48
+/* Define to 1 if you have the <maillock.h> header file. */
+#undef HAVE_MAILLOCK_H
+
/* Define to 1 if you have the <malloc.h> header file. */
#undef HAVE_MALLOC_H
diff --git a/configure b/configure
index a3929a4bb..186491252 100755
--- a/configure
+++ b/configure
@@ -13845,6 +13845,68 @@ $as_echo "$ac_cv_sys_posix_termios" >&6; }
if test "$ac_cv_sys_posix_termios" != "yes"; then
as_fn_error "Must have POSIX termios to build sudo" "$LINENO" 5
fi
+
+maildir=no
+if test X"$ac_cv_header_paths_h" = X"yes"; then
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$ac_includes_default
+#include <paths.h>
+int main() {char *p = _PATH_MAILDIR;}
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ maildir=yes
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+if test $maildir = no; then
+ # Solaris has maillock.h which defines MAILDIR
+ for ac_header in maillock.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "maillock.h" "ac_cv_header_maillock_h" "$ac_includes_default"
+if test "x$ac_cv_header_maillock_h" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_MAILLOCK_H 1
+_ACEOF
+
+ cat >>confdefs.h <<\EOF
+#define _PATH_MAILDIR MAILDIR
+EOF
+
+ maildir=yes
+
+fi
+
+done
+
+ if test $maildir = no; then
+ for d in /var/mail /var/spool/mail /usr/spool/mail; do
+ if test -d "$d"; then
+ maildir=yes
+ cat >>confdefs.h <<EOF
+#define _PATH_MAILDIR "$d"
+EOF
+
+ break
+ fi
+ done
+ if test $maildir = no; then
+ # unable to find mail dir, hope for the best
+ cat >>confdefs.h <<EOF
+#define _PATH_MAILDIR "/var/mail"
+EOF
+
+ fi
+ fi
+fi
+
if test ${with_logincap-'no'} != "no"; then
for ac_header in login_cap.h
do :
@@ -17854,7 +17916,7 @@ if test -z "$timedir"; then
for d in /var/db /var/lib /var/adm /usr/adm; do
if test -d "$d"; then
timedir="$d/sudo"
- break;
+ break
fi
done
fi
diff --git a/configure.in b/configure.in
index f37a688da..e0968ba46 100644
--- a/configure.in
+++ b/configure.in
@@ -1866,6 +1866,7 @@ AC_SYS_POSIX_TERMIOS
if test "$ac_cv_sys_posix_termios" != "yes"; then
AC_MSG_ERROR([Must have POSIX termios to build sudo])
fi
+SUDO_MAILDIR
if test ${with_logincap-'no'} != "no"; then
AC_CHECK_HEADERS(login_cap.h, [LOGINCAP_USAGE='[[-c class|-]] '; LCMAN=1
case "$OS" in
diff --git a/doc/sudo.cat b/doc/sudo.cat
index 0a2f3ff0d..cc56f8bf6 100644
--- a/doc/sudo.cat
+++ b/doc/sudo.cat
@@ -61,7 +61,7 @@ DDEESSCCRRIIPPTTIIOONN
-1.8.0b1 July 1, 2010 1
+1.8.0b1 July 19, 2010 1
@@ -127,7 +127,7 @@ OOPPTTIIOONNSS
-1.8.0b1 July 1, 2010 2
+1.8.0b1 July 19, 2010 2
@@ -193,7 +193,7 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
-1.8.0b1 July 1, 2010 3
+1.8.0b1 July 19, 2010 3
@@ -259,7 +259,7 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
-1.8.0b1 July 1, 2010 4
+1.8.0b1 July 19, 2010 4
@@ -325,7 +325,7 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
-1.8.0b1 July 1, 2010 5
+1.8.0b1 July 19, 2010 5
@@ -391,7 +391,7 @@ PPLLUUGGIINNSS
-1.8.0b1 July 1, 2010 6
+1.8.0b1 July 19, 2010 6
@@ -457,7 +457,7 @@ SSEECCUURRIITTYY NNOOTTEESS
-1.8.0b1 July 1, 2010 7
+1.8.0b1 July 19, 2010 7
@@ -481,6 +481,9 @@ EENNVVIIRROONNMMEENNTT
EDITOR Default editor to use in --ee (sudoedit) mode if neither
SUDO_EDITOR nor VISUAL is set
+ MAIL In --ii mode or when _e_n_v___r_e_s_e_t is enabled in _s_u_d_o_e_r_s, set
+ to the mail spool of the target user
+
HOME In --ii, --ss or --HH mode (or if sudo was configured with
the --enable-shell-sets-home option), set to homedir of
the target user
@@ -517,13 +520,10 @@ EENNVVIIRROONNMMEENNTT
FFIILLEESS
_/_e_t_c_/_s_u_d_o_._c_o_n_f ssuuddoo plugin and path configuration
-EEXXAAMMPPLLEESS
- Note: the following examples assume a properly configured security
- policy.
-1.8.0b1 July 1, 2010 8
+1.8.0b1 July 19, 2010 8
@@ -532,6 +532,10 @@ EEXXAAMMPPLLEESS
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+EEXXAAMMPPLLEESS
+ Note: the following examples assume a properly configured security
+ policy.
+
To get a file listing of an unreadable directory:
$ sudo ls /usr/local/protected
@@ -582,21 +586,21 @@ CCAAVVEEAATTSS
programs (such as editors) allow the user to run commands via shell
escapes, thus avoiding ssuuddoo's checks. However, on most systems it is
possible to prevent shell escapes with the _s_u_d_o_e_r_s(4) module's _n_o_e_x_e_c
- functionality.
- It is not meaningful to run the cd command directly via sudo, e.g.,
+1.8.0b1 July 19, 2010 9
-1.8.0b1 July 1, 2010 9
+SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
-SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
+ functionality.
+ It is not meaningful to run the cd command directly via sudo, e.g.,
$ sudo cd /usr/local/protected
@@ -651,10 +655,6 @@ DDIISSCCLLAAIIMMEERR
-
-
-
-
-1.8.0b1 July 1, 2010 10
+1.8.0b1 July 19, 2010 10
diff --git a/doc/sudo.man.in b/doc/sudo.man.in
index a91ad23f3..fd28e459e 100644
--- a/doc/sudo.man.in
+++ b/doc/sudo.man.in
@@ -149,7 +149,7 @@
.\" ========================================================================
.\"
.IX Title "SUDO @mansectsu@"
-.TH SUDO @mansectsu@ "July 1, 2010" "1.8.0b1" "MAINTENANCE COMMANDS"
+.TH SUDO @mansectsu@ "July 19, 2010" "1.8.0b1" "MAINTENANCE COMMANDS"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -597,6 +597,11 @@ policy has control over the content of the command's environment.
.IX Item "EDITOR"
Default editor to use in \fB\-e\fR (sudoedit) mode if neither \f(CW\*(C`SUDO_EDITOR\*(C'\fR
nor \f(CW\*(C`VISUAL\*(C'\fR is set
+.ie n .IP "\*(C`MAIL\*(C'" 16
+.el .IP "\f(CW\*(C`MAIL\*(C'\fR" 16
+.IX Item "MAIL"
+In \fB\-i\fR mode or when \fIenv_reset\fR is enabled in \fIsudoers\fR, set
+to the mail spool of the target user
.ie n .IP "\*(C`HOME\*(C'" 16
.el .IP "\f(CW\*(C`HOME\*(C'\fR" 16
.IX Item "HOME"
diff --git a/doc/sudo.pod b/doc/sudo.pod
index 711f62195..918c02947 100644
--- a/doc/sudo.pod
+++ b/doc/sudo.pod
@@ -498,6 +498,11 @@ policy has control over the content of the command's environment.
Default editor to use in B<-e> (sudoedit) mode if neither C<SUDO_EDITOR>
nor C<VISUAL> is set
+=item C<MAIL>
+
+In B<-i> mode or when I<env_reset> is enabled in I<sudoers>, set
+to the mail spool of the target user
+
=item C<HOME>
In B<-i>, B<-s> or B<-H> mode (or if sudo was configured with the
diff --git a/doc/sudoers.cat b/doc/sudoers.cat
index 70f7c2d97..ef40f7de8 100644
--- a/doc/sudoers.cat
+++ b/doc/sudoers.cat
@@ -61,7 +61,7 @@ DDEESSCCRRIIPPTTIIOONN
-1.8.0b1 July 16, 2010 1
+1.8.0b1 July 19, 2010 1
@@ -80,9 +80,9 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
By default, the _e_n_v___r_e_s_e_t option is enabled. This causes commands to
be executed with a minimal environment containing TERM, PATH, HOME,
- SHELL, LOGNAME, USER and USERNAME in addition to variables from the
- invoking process permitted by the _e_n_v___c_h_e_c_k and _e_n_v___k_e_e_p options. This
- is effectively a whitelist for environment variables.
+ MAIL, SHELL, LOGNAME, USER and USERNAME in addition to variables from
+ the invoking process permitted by the _e_n_v___c_h_e_c_k and _e_n_v___k_e_e_p options.
+ This is effectively a whitelist for environment variables.
If, however, the _e_n_v___r_e_s_e_t option is disabled, any variables not
explicitly denied by the _e_n_v___c_h_e_c_k and _e_n_v___d_e_l_e_t_e options are inherited
@@ -107,8 +107,8 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
As a special case, If ssuuddoo's --ii option (initial login) is specified,
_s_u_d_o_e_r_s will initialize the environment regardless of the value of
_e_n_v___r_e_s_e_t. The _D_I_S_P_L_A_Y, _P_A_T_H and _T_E_R_M variables remain unchanged;
- _H_O_M_E, _S_H_E_L_L, _U_S_E_R, and _L_O_G_N_A_M_E are set based on the target user. On
- Linux and AIX systems the contents of _/_e_t_c_/_e_n_v_i_r_o_n_m_e_n_t are also
+ _H_O_M_E, _M_A_I_L, _S_H_E_L_L, _U_S_E_R, and _L_O_G_N_A_M_E are set based on the target user.
+ On Linux and AIX systems the contents of _/_e_t_c_/_e_n_v_i_r_o_n_m_e_n_t are also
included. All other environment variables are removed.
SSUUDDOOEERRSS FFIILLEE FFOORRMMAATT
@@ -127,7 +127,7 @@ SSUUDDOOEERRSS FFIILLEE FFOORRMMAATT
-1.8.0b1 July 16, 2010 2
+1.8.0b1 July 19, 2010 2
@@ -193,7 +193,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-1.8.0b1 July 16, 2010 3
+1.8.0b1 July 19, 2010 3
@@ -259,7 +259,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-1.8.0b1 July 16, 2010 4
+1.8.0b1 July 19, 2010 4
@@ -325,7 +325,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-1.8.0b1 July 16, 2010 5
+1.8.0b1 July 19, 2010 5
@@ -391,7 +391,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-1.8.0b1 July 16, 2010 6
+1.8.0b1 July 19, 2010 6
@@ -457,7 +457,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-1.8.0b1 July 16, 2010 7
+1.8.0b1 July 19, 2010 7
@@ -523,7 +523,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-1.8.0b1 July 16, 2010 8
+1.8.0b1 July 19, 2010 8
@@ -589,7 +589,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-1.8.0b1 July 16, 2010 9
+1.8.0b1 July 19, 2010 9
@@ -655,7 +655,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-1.8.0b1 July 16, 2010 10
+1.8.0b1 July 19, 2010 10
@@ -721,7 +721,7 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS
-1.8.0b1 July 16, 2010 11
+1.8.0b1 July 19, 2010 11
@@ -752,7 +752,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
specified in editor. This flag is _o_f_f by default.
env_reset If set, ssuuddoo will reset the environment to only contain
- the LOGNAME, SHELL, USER, USERNAME and the SUDO_*
+ the LOGNAME, MAIL, SHELL, USER, USERNAME and the SUDO_*
variables. Any variables in the caller's environment
that match the env_keep and env_check lists are then
added. The default contents of the env_keep and
@@ -787,7 +787,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-1.8.0b1 July 16, 2010 12
+1.8.0b1 July 19, 2010 12
@@ -853,7 +853,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-1.8.0b1 July 16, 2010 13
+1.8.0b1 July 19, 2010 13
@@ -919,7 +919,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-1.8.0b1 July 16, 2010 14
+1.8.0b1 July 19, 2010 14
@@ -985,7 +985,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-1.8.0b1 July 16, 2010 15
+1.8.0b1 July 19, 2010 15
@@ -1051,7 +1051,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-1.8.0b1 July 16, 2010 16
+1.8.0b1 July 19, 2010 16
@@ -1117,7 +1117,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-1.8.0b1 July 16, 2010 17
+1.8.0b1 July 19, 2010 17
@@ -1183,7 +1183,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-1.8.0b1 July 16, 2010 18
+1.8.0b1 July 19, 2010 18
@@ -1249,7 +1249,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-1.8.0b1 July 16, 2010 19
+1.8.0b1 July 19, 2010 19
@@ -1315,7 +1315,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-1.8.0b1 July 16, 2010 20
+1.8.0b1 July 19, 2010 20
@@ -1381,7 +1381,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-1.8.0b1 July 16, 2010 21
+1.8.0b1 July 19, 2010 21
@@ -1447,7 +1447,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-1.8.0b1 July 16, 2010 22
+1.8.0b1 July 19, 2010 22
@@ -1513,7 +1513,7 @@ EEXXAAMMPPLLEESS
-1.8.0b1 July 16, 2010 23
+1.8.0b1 July 19, 2010 23
@@ -1579,7 +1579,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-1.8.0b1 July 16, 2010 24
+1.8.0b1 July 19, 2010 24
@@ -1645,7 +1645,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-1.8.0b1 July 16, 2010 25
+1.8.0b1 July 19, 2010 25
@@ -1711,7 +1711,7 @@ SSEECCUURRIITTYY NNOOTTEESS
-1.8.0b1 July 16, 2010 26
+1.8.0b1 July 19, 2010 26
@@ -1777,7 +1777,7 @@ PPRREEVVEENNTTIINNGG SSHHEELLLL EESSCCAAPPEESS
-1.8.0b1 July 16, 2010 27
+1.8.0b1 July 19, 2010 27
@@ -1843,7 +1843,7 @@ SSEECCUURRIITTYY NNOOTTEESS
-1.8.0b1 July 16, 2010 28
+1.8.0b1 July 19, 2010 28
@@ -1909,6 +1909,6 @@ DDIISSCCLLAAIIMMEERR
-1.8.0b1 July 16, 2010 29
+1.8.0b1 July 19, 2010 29
diff --git a/doc/sudoers.man.in b/doc/sudoers.man.in
index ccd8e44f3..054c833ec 100644
--- a/doc/sudoers.man.in
+++ b/doc/sudoers.man.in
@@ -148,7 +148,7 @@
.\" ========================================================================
.\"
.IX Title "SUDOERS @mansectform@"
-.TH SUDOERS @mansectform@ "July 16, 2010" "1.8.0b1" "MAINTENANCE COMMANDS"
+.TH SUDOERS @mansectform@ "July 19, 2010" "1.8.0b1" "MAINTENANCE COMMANDS"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -219,7 +219,7 @@ distinct ways \fIsudoers\fR can deal with environment variables.
.PP
By default, the \fIenv_reset\fR option is enabled. This causes commands
to be executed with a minimal environment containing \f(CW\*(C`TERM\*(C'\fR,
-\&\f(CW\*(C`PATH\*(C'\fR, \f(CW\*(C`HOME\*(C'\fR, \f(CW\*(C`SHELL\*(C'\fR, \f(CW\*(C`LOGNAME\*(C'\fR, \f(CW\*(C`USER\*(C'\fR and \f(CW\*(C`USERNAME\*(C'\fR in
+\&\f(CW\*(C`PATH\*(C'\fR, \f(CW\*(C`HOME\*(C'\fR, \f(CW\*(C`MAIL\*(C'\fR, \f(CW\*(C`SHELL\*(C'\fR, \f(CW\*(C`LOGNAME\*(C'\fR, \f(CW\*(C`USER\*(C'\fR and \f(CW\*(C`USERNAME\*(C'\fR in
addition to variables from the invoking process permitted by the
\&\fIenv_check\fR and \fIenv_keep\fR options. This is effectively a whitelist
for environment variables.
@@ -247,10 +247,10 @@ and, as such, it is not possible for \fBsudo\fR to preserve them.
As a special case, If \fBsudo\fR's \fB\-i\fR option (initial login) is
specified, \fIsudoers\fR will initialize the environment regardless
of the value of \fIenv_reset\fR. The \fI\s-1DISPLAY\s0\fR, \fI\s-1PATH\s0\fR and \fI\s-1TERM\s0\fR
-variables remain unchanged; \fI\s-1HOME\s0\fR, \fI\s-1SHELL\s0\fR, \fI\s-1USER\s0\fR, and \fI\s-1LOGNAME\s0\fR
-are set based on the target user. On Linux and \s-1AIX\s0 systems the
-contents of \fI/etc/environment\fR are also included. All other
-environment variables are removed.
+variables remain unchanged; \fI\s-1HOME\s0\fR, \fI\s-1MAIL\s0\fR, \fI\s-1SHELL\s0\fR, \fI\s-1USER\s0\fR,
+and \fI\s-1LOGNAME\s0\fR are set based on the target user. On Linux and \s-1AIX\s0
+systems the contents of \fI/etc/environment\fR are also included. All
+other environment variables are removed.
.SH "SUDOERS FILE FORMAT"
.IX Header "SUDOERS FILE FORMAT"
The \fIsudoers\fR file is composed of two types of entries: aliases
@@ -861,7 +861,7 @@ default.
.IP "env_reset" 16
.IX Item "env_reset"
If set, \fBsudo\fR will reset the environment to only contain the
-\&\s-1LOGNAME\s0, \s-1SHELL\s0, \s-1USER\s0, \s-1USERNAME\s0 and the \f(CW\*(C`SUDO_*\*(C'\fR variables. Any
+\&\s-1LOGNAME\s0, \s-1MAIL\s0, \s-1SHELL\s0, \s-1USER\s0, \s-1USERNAME\s0 and the \f(CW\*(C`SUDO_*\*(C'\fR variables. Any
variables in the caller's environment that match the \f(CW\*(C`env_keep\*(C'\fR
and \f(CW\*(C`env_check\*(C'\fR lists are then added. The default contents of the
\&\f(CW\*(C`env_keep\*(C'\fR and \f(CW\*(C`env_check\*(C'\fR lists are displayed when \fBsudo\fR is
diff --git a/doc/sudoers.pod b/doc/sudoers.pod
index 2effd8095..69fbdcd70 100644
--- a/doc/sudoers.pod
+++ b/doc/sudoers.pod
@@ -90,7 +90,7 @@ distinct ways I<sudoers> can deal with environment variables.
By default, the I<env_reset> option is enabled. This causes commands
to be executed with a minimal environment containing C<TERM>,
-C<PATH>, C<HOME>, C<SHELL>, C<LOGNAME>, C<USER> and C<USERNAME> in
+C<PATH>, C<HOME>, C<MAIL>, C<SHELL>, C<LOGNAME>, C<USER> and C<USERNAME> in
addition to variables from the invoking process permitted by the
I<env_check> and I<env_keep> options. This is effectively a whitelist
for environment variables.
@@ -118,10 +118,10 @@ and, as such, it is not possible for B<sudo> to preserve them.
As a special case, If B<sudo>'s B<-i> option (initial login) is
specified, I<sudoers> will initialize the environment regardless
of the value of I<env_reset>. The I<DISPLAY>, I<PATH> and I<TERM>
-variables remain unchanged; I<HOME>, I<SHELL>, I<USER>, and I<LOGNAME>
-are set based on the target user. On Linux and AIX systems the
-contents of F</etc/environment> are also included. All other
-environment variables are removed.
+variables remain unchanged; I<HOME>, I<MAIL>, I<SHELL>, I<USER>,
+and I<LOGNAME> are set based on the target user. On Linux and AIX
+systems the contents of F</etc/environment> are also included. All
+other environment variables are removed.
=head1 SUDOERS FILE FORMAT
@@ -727,7 +727,7 @@ default.
=item env_reset
If set, B<sudo> will reset the environment to only contain the
-LOGNAME, SHELL, USER, USERNAME and the C<SUDO_*> variables. Any
+LOGNAME, MAIL, SHELL, USER, USERNAME and the C<SUDO_*> variables. Any
variables in the caller's environment that match the C<env_keep>
and C<env_check> lists are then added. The default contents of the
C<env_keep> and C<env_check> lists are displayed when B<sudo> is
diff --git a/pathnames.h.in b/pathnames.h.in
index 4e6cc078d..f624325c7 100644
--- a/pathnames.h.in
+++ b/pathnames.h.in
@@ -133,6 +133,10 @@
#define _PATH_USRTMP "/usr/tmp/"
#endif /* _PATH_USRTMP */
+#ifndef _PATH_MAILDIR
+#undef _PATH_MAILDIR
+#endif /* _PATH_MAILDIR */
+
#ifndef _PATH_SUDO_SESH
#undef _PATH_SUDO_SESH
#endif /* _PATH_SUDO_SESH */
diff --git a/plugins/sudoers/env.c b/plugins/sudoers/env.c
index c7562590c..3d97953aa 100644
--- a/plugins/sudoers/env.c
+++ b/plugins/sudoers/env.c
@@ -65,6 +65,8 @@
#define DID_USER 0x0020
#undef DID_USERNAME
#define DID_USERNAME 0x0040
+#undef DID_MAIL
+#define DID_MAIL 0x0080
#undef DID_MAX
#define DID_MAX 0x00ff
@@ -82,6 +84,8 @@
#define KEPT_USER 0x2000
#undef KEPT_USERNAME
#define KEPT_USERNAME 0x4000
+#undef KEPT_MAIL
+#define KEPT_MAIL 0x8000
#undef KEPT_MAX
#define KEPT_MAX 0xff00
@@ -192,7 +196,6 @@ static const char *initial_keepenv_table[] = {
"HOSTNAME",
"KRB5CCNAME",
"LS_COLORS",
- "MAIL",
"PATH",
"PS1",
"PS2",
@@ -460,6 +463,10 @@ rebuild_env(int noexec)
if (strncmp(*ep, "LOGNAME=", 8) == 0)
SET(didvar, DID_LOGNAME);
break;
+ case 'M':
+ if (strncmp(*ep, "MAIL=", 5) == 0)
+ SET(didvar, DID_MAIL);
+ break;
case 'P':
if (strncmp(*ep, "PATH=", 5) == 0)
SET(didvar, DID_PATH);
@@ -509,6 +516,18 @@ rebuild_env(int noexec)
if (!ISSET(didvar, DID_USERNAME))
sudo_setenv("USERNAME", user_name, FALSE);
}
+ /*
+ * Set MAIL to target user in -i mode or if MAIL is not preserved
+ * from user's environment.
+ */
+ if (ISSET(sudo_mode, MODE_LOGIN_SHELL) || !ISSET(didvar, KEPT_MAIL)) {
+ cp = _PATH_MAILDIR;
+ if (cp[sizeof(_PATH_MAILDIR) - 2] == '/')
+ easprintf(&cp, "MAIL=%s%s", _PATH_MAILDIR, runas_pw->pw_name);
+ else
+ easprintf(&cp, "MAIL=%s/%s", _PATH_MAILDIR, runas_pw->pw_name);
+ sudo_putenv(cp, ISSET(didvar, DID_MAIL), TRUE);
+ }
} else {
/*
* Copy environ entries as long as they don't match env_delete or
View Lorry Controller Status