On 08/06/2018 10:24 AM, Martin Steigerwald wrote:
> Theodore Y. Ts'o - 05.08.18, 17:05:
>> * The PATH might include the current directory, and so a script
> […]
>> So for that reason, it makes sense that a "sudo" or "su" command
>> should default to something safe.
>
> Thank you, Ted. This is the best explanation I saw so far. I accept it
> for default.
>
> In my specific case I still do not see any big issue with that cause the
> backup script runs on my laptop, the user I "su" from and "root" are
> both users only I have access to.

If you have sanitized your PATH (and other variables) already outside,
then nothing prevents you from passing them into su or sudo.
E.g. the GNU coreutils pass PATH and another variable for running
the "root-only" testsuite:

  sudo env PATH="$PATH" NON_ROOT_USERNAME=$USER make -k check-root

Can't you do something like that?

Have a nice day,
Berny
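
One way to do the sanitizing mentioned above before handing PATH to sudo, as an added example that is not part of the original message or of coreutils. The function name `sanitize_path` and its drop rules (including the strict group-writable rule) are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: build a PATH that is safe to pass to root with
# `sudo env PATH=...`. sanitize_path is a hypothetical helper name.

# sanitize_path PATHSTRING
# Prints PATHSTRING with these entries removed:
#   - empty entries (a leading, trailing or doubled ':' means "current directory")
#   - "." and every other relative entry
#   - entries that are not existing directories
#   - directories writable by group or others (someone else could plant a binary)
#   - duplicates (first occurrence wins, order is preserved)
sanitize_path() {
    _out=
    # Append ':' so a trailing empty entry is also seen by the loop.
    _rest=$1:
    while [ -n "$_rest" ]; do
        _dir=${_rest%%:*}      # text before the first ':'
        _rest=${_rest#*:}      # text after the first ':'
        case $_dir in
            /*) ;;             # absolute: keep checking
            *)  continue ;;    # empty, "." or relative: drop
        esac
        [ -d "$_dir" ] || continue
        # -H follows a symlinked entry such as /bin -> /usr/bin, so the
        # mode of the real directory is tested, not that of the link.
        if [ -n "$(find -H "$_dir" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]; then
            continue
        fi
        case :$_out: in
            *":$_dir:"*) continue ;;   # already present
        esac
        _out=${_out:+$_out:}$_dir
    done
    printf '%s\n' "$_out"
}

# Usage with the command from the message (not executed here):
#   sudo env PATH="$(sanitize_path "$PATH")" NON_ROOT_USERNAME=$USER make -k check-root
```

On systems where a directory such as /usr/local/bin is group-writable by design, the group-writable rule removes it; relax that test only if membership of that group is as trusted as root.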