Univention Bugzilla – Bug 34271
sudo: Insufficient environment sanitising (3.2)
Last modified: 2019-04-11 19:23:23 CEST
+++ This bug was initially created as a clone of Bug #34270 +++

CVE-2014-0106

By default sudo sanitises the environment: All environment variables are reset with the exception of a few harmless ones (e.g. PATH, USER etc). This prevents privilege escalation attacks e.g. with programs using dynamic load paths.
This is the default in UCS.

However, if the sanitising feature is turned off and environment variables are passed on the command line, they are not treated by the env_check and env_delete options.

This has low priority, since disabling the sanitising is insecure itself.
(In reply to Moritz Muehlenhoff from comment #0)
> +++ This bug was initially created as a clone of Bug #34270 +++
>
> CVE-2014-0106
>
> By default sudo sanitises the environment: All environment variables are
> reset with the exception of a few harmless ones (e.g. PATH, USER etc). This
> prevents privilege escalation attacks e.g. with programs using dynamic load
> paths.
> This is the default in UCS.
>
> However, if the sanitising feature is turned off and environment variables
> are passed on the command line, they are not treated by the env_check and
> env_delete options.
>
> This has low priority, since disabling the sanitising is insecure itself.

This won't be fixed in UCS 3.x due to low impact. The problem is fixed in the upcoming UCS 4.0 release.
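
The precondition described in this bug is that environment sanitising has been turned off, which in sudoers is the negated `env_reset` flag on a `Defaults` line. The following check is an added example, not part of the bug report or of Univention's or sudo's code: it reports the scopes in which a sudoers text leaves the reset disabled. The function names and the sample text are constructed, and the parsing is simplified (no include files, no alias expansion, whole-line comments only).

```python
import re

# Constructed sample sudoers text (not taken from the bug report).
SAMPLE_SUDOERS = r'''
# constructed sample
Defaults env_reset, mail_badpass
Defaults env_check += "LANG LC_*"
Defaults:backup !env_reset
Defaults@buildhost secure_path="/usr/sbin:/usr/bin", \
    !env_reset
Defaults:deploy !env_reset
Defaults:deploy env_reset
%admin ALL=(ALL) ALL
'''

# "Defaults" optionally followed directly by a scope (:user @host >runas !cmnd).
DEFAULTS_RE = re.compile(r'^Defaults(?P<scope>[:@>!]\S+)?\s+(?P<body>.+)$')
# Split on commas that are not inside double quotes.
COMMA_RE = re.compile(r',(?=(?:[^"]*"[^"]*")*[^"]*$)')

def env_reset_by_scope(sudoers_text):
    """Return {scope: bool} for every scope that sets env_reset; later entries win."""
    joined = re.sub(r'\\\n\s*', ' ', sudoers_text)   # fold continuation lines
    state = {}
    for line in joined.splitlines():
        m = DEFAULTS_RE.match(line.strip())
        if not m:
            continue                                  # comments, rules, aliases
        scope = m.group('scope') or 'global'
        for setting in COMMA_RE.split(m.group('body')):
            setting = setting.strip()
            if setting == 'env_reset':
                state[scope] = True
            elif setting == '!env_reset':
                state[scope] = False
    return state

def scopes_without_sanitising(sudoers_text):
    """Scopes where the environment reset ends up disabled."""
    return sorted(s for s, on in env_reset_by_scope(sudoers_text).items() if not on)

if __name__ == '__main__':
    for scope in scopes_without_sanitising(SAMPLE_SUDOERS):
        print(f'env_reset disabled for {scope}: review env_check/env_delete handling')
```
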