Beefy Boxes and Bandwidth Generously Provided by pair Networks
We don't bite newbies here... much

Re^4: Distro Pkg-Managed, broken, sudo clears $PERL5LIB (sudoers)

by Crackers2 (Parson)
on Oct 01, 2010 at 23:51 UTC ( #863024=note: print w/replies, xml ) Need Help??

in reply to Re^3: Distro Pkg-Managed, broken, sudo clears $PERL5LIB (sudoers)
in thread Distro Pkg-Managed, broken, sudo clears $PERL5LIB

But please do not make passing on PERL5LIB a default.
Why? The PERL5LIB environment variable is set up after the fact (of changing $< and $>) of getting broader permissions via sudo. So, a well thought-out privilege evelating scheme is more important than the passing of an environment variable while changing $UID, becaue you could set that very ENV var by hand, after running sudo.

^^^ What martin said. In a lot of cases the user making the sudo call does not control the code that is being called.

In that case, passing through PERL5LIB is like passing through PATH or LD_LIBRARY_PATH. Just google "sudo PATH exploit" to find plenty of examples of the trouble you can run into.

So yes, if you're sure that sudo is only used to give full shell access, then by all means go ahead and pass through PERL5LIB. In all other cases, leaving it out it probably a better idea.

  • Comment on Re^4: Distro Pkg-Managed, broken, sudo clears $PERL5LIB (sudoers)
  • Download Code

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://863024]
Discipulus I'd rather say good weak start..

How do I use this? | Other CB clients
Other Users?
Others wandering the Monastery: (7)
As of 2018-05-28 08:26 GMT
Find Nodes?
    Voting Booth?