Dan Crosta on 1 May 2006 00:46:39 -0000


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[PLUG] how to get sudo to preserve LD_PRELOAD


[apologies to anyone getting this twice...]

I'm having some trouble keeping LD_PRELOAD in the environment that
programs run via sudo. here's what I have in my sudoers file:

----
Defaults        !env_reset, !lecture, tty_tickets, !fqdn, insults,
!always_set_home
Defaults        env_keep += HOME, env_keep += EDITOR, env_keep += VISUAL
Defaults        env_keep += LD_PRELOAD
Defaults        env_delete -= LD_*, env_delete -= LD_PRELOAD, !noexec

root    ALL=(ALL) ALL

%admin  ALL=(ALL) ALL
----

and here's how I've been testing:

----
me@mybox:~$ sudo env |grep LD_
Password:
me@mybox:~$
----

I don't claim to understand entirely how the sudo code works wrt
environment manipulation, and my hypothesis is that it's smarter than
I am. I can't find any explicit case where it's removing LD_PRELOAD,
though, and given that I can't find that, it seems like the above
ought to keep LD_PRELOAD in the environment... does the order matter
somehow? It looked like the code in sodu's env.c reads in the entire sudoers file and then processess all its environment machinations with the full set of what's changed through Defaults. does anyone have any suggestions?


thanks,
dsc
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug