On Tue, Apr 26, 2022 at 1:10 PM <rsbecker@xxxxxxxxxxxxx> wrote: > > Putting garbage into DOAS_UID might end up causing some unwanted effects Since it was the root user who put garbage there, we will have to trust it was not unwanted. My proposal to use is_digit() was to make sure we didn't get garbage from the getenv() call (ex: "") that would confuse the logic, but if there is some sudo version that is saving the uid as "ThisIsGarbage" then that is a bug better handled somewhere else. Agree with you that using strtol is better, but the added checks and logic make it more complicated and go against the assumption made in the commit message that the environment CAN'T be tampered with. Carlo
