On Tue, Jun 19, 2012 at 4:42 PM, Martin Gregorie <martin@xxxxxxxxxxxx> wrote: > Of course, much the same applies if the value of USER is retrieved > within a C program by calling getenv(): again, its a delayed evaluation > that would happen after sudo has done its thing. I'm not sure if it was already discussed or not but what about the good and old user id checking: if(geteuid()==0 || getuid()==0) exit(EACCESS); Best wishes, Bruno
