Univention Bugzilla – Bug 56579
pam_runasroot does not pass environment to execl
Last modified: 2023-10-18 16:20:28 CEST
A change in sudo (from version 1.9.4, commit https://github.com/sudo-project/sudo/commit/7d0b19d2a0236ff50f8e8253ba86e1672399ae52 ) means that when this PAM module is invoked and setenv is used, the target of the call is the private sudo environment instead of the local environ pointer. For that reason, when a program is invoked with execl, the state of the environment variables in the target program is the original one, without the setenv operation having any apparent effect. Because the environment modifications used in pam_runasroot are used only for the invoked processes and do not need to be preserved afterwards, the execle function can be used together with a local pointer for the environment variables.
Cherry-picked to 5.0-5:
Change: Don't use setenv function to modify environment variables and use execle with a local pointer instead for compatibility with sudo >= 1.9.4
Commits:
pam-runasroot (11.0.0-2)
39caebc730d8 | fix(pam_runasroot): fix setting of environment variables due to sudo API change
New package version:
Package: pam-runasroot
Version: 11.0.0-2
Branch: ucs_5.0-0
Scope: errata5.0-5
OK: env variables passed explicitly, no need to set them for the current process, only for the subprocess
OK: code review
OK: Advisory
<https://errata.software-univention.de/#/?erratum=5.0x844>
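The pattern described in this bug, shown as an added example (not the pam_runasroot source or the referenced commit): build a private copy of the environment, add the variable there, and hand that vector to execle so the child's environment does not depend on where setenv writes. The names run_with_env, env_with and DEMO_USER are hypothetical, and /bin/sh is assumed to exist.

```c
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

extern char **environ;

/* Copy environ into a new NULL-terminated vector, replacing or appending
 * the single "NAME=value" entry kv. The process environment is untouched. */
static char **env_with(const char *kv)
{
    const char *eq = strchr(kv, '=');
    if (!eq) return NULL;                        /* require NAME=value */
    size_t n = 0, namelen = (size_t)(eq - kv) + 1;
    while (environ && environ[n]) n++;
    char **envp = calloc(n + 2, sizeof *envp);   /* +1 new entry, +1 NULL */
    if (!envp) return NULL;
    size_t j = 0;
    for (size_t i = 0; i < n; i++)
        if (strncmp(environ[i], kv, namelen) != 0)   /* drop old NAME= */
            envp[j++] = environ[i];
    envp[j++] = (char *)kv;
    envp[j] = NULL;
    return envp;
}

/* Run "sh -c script" with kv present in the child's environment only.
 * Returns the child's exit status, or -1 on error. */
int run_with_env(const char *kv, const char *script)
{
    char **envp = env_with(kv);
    if (!envp) return -1;
    pid_t pid = fork();
    if (pid == 0) {
        /* The environment is passed explicitly as the last argument. */
        execle("/bin/sh", "sh", "-c", script, (char *)NULL, envp);
        _exit(127);                              /* exec failed */
    }
    free(envp);
    int status;
    if (pid < 0 || waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* DEMO_USER is a constructed variable name for this example. */
    int rc = run_with_env("DEMO_USER=alice", "test \"$DEMO_USER\" = alice");
    return (rc == 0 && getenv("DEMO_USER") == NULL) ? 0 : 1;
}
```

The child sees DEMO_USER while the calling process never has it set, which matches the QA note that the variables are needed only for the subprocess.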