Comment 0 for bug 1373495

Revision history for this message
V字龍(Vdragon) (vdragon) wrote : sudo shouldn't preserve HOME environment variable by default

Currently Ubuntu hard-coded preserve HOME environment variable to point to sudo caller's home directory by default(refer bug #760140) however this is dangerous and error-prone because the program run by root may write files (e.g. $HOME/.Xauthority , program config files) into the HOME directory **AS ROOT** which, will cause issue when user run the same program using it's account and even make the user failed to login(due to .Xauthority file owner is incorrect)

In my opinion the Ubuntu patch that make $HOME variable keep in sudo is INSANE and should be reverted(Ubuntu should use the safest configuration by default), any user wish to run command as root using their HOME directory should set env_keep in /etc/sudoers themselves and acknowledging the consequences.

RootSudo - Community Help Wiki(https://help.ubuntu.com/community/RootSudo ) wrongly tell that graphical application shouldn't launch by sudo, but in fact the real issue is in this bug.

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: sudo 1.8.9p5-1ubuntu1
ProcVersionSignature: Ubuntu 3.16.0-17.23-lowlatency 3.16.3
Uname: Linux 3.16.0-17-lowlatency i686
ApportVersion: 2.14.1-0ubuntu3.4
Architecture: i386
CurrentDesktop: KDE
Date: Thu Sep 25 00:08:44 2014
InstallationDate: Installed on 2013-03-08 (564 days ago)
InstallationMedia: Ubuntu 12.10 "Quantal Quetzal" - Release i386 (20121017.2)
SourcePackage: sudo
UpgradeStatus: Upgraded to trusty on 2014-04-19 (158 days ago)
VisudoCheck:
 /etc/sudoers: parsed OK
 /etc/sudoers.d/Preserve_input_method_required_environmental_variables: parsed OK
 /etc/sudoers.d/README: parsed OK
modified.conffile..etc.sudoers.d.README: [modified]
mtime.conffile..etc.sudoers.d.README: 2014-09-24T22:26:35.734703