[Pbuilder-maint] Bug#361362: Bug#361362: PBUILDERROOTCMD should default to "sudo -E"

Loïc Minier lool at dooz.org
Sun Dec 16 10:01:48 UTC 2007


On Sun, Dec 16, 2007, Junichi Uekawa wrote:
> Should we make 'sudo -E ' the default? 
> 
> I just tried in my sid system, and sudo -E doesn't look too
> good. Would it depend on the configuration you have in your sudoers
> file?

 It's dependent of the sudoers config and of the sudo package in use.
 For example on my Debian systems I had to add SETENV: to the sudoers
 line used for pbuilder while on Ubuntu systems this is implied if the
 command is (ALL).

 I don't know whether "sudo -E" is a good idea:
 - it's probably a security risk, but people launching pbuilder will
   probably be able to pass a pbuilderrc which is shell which will be
   sourced as root
 - it probably pollutes the environment

 At some point, I didn't have to use sudo -E (I never used it in the
 past and my PBUILDER_CONFIG trick used to work); instead of sudo -E I
 could as well setup sudo to allow http_proxy and PBUILDER_CONFIG
 manually.

 Perhaps we should provide people with a sudo config?  No strong feeling
 on this.

-- 
Loïc Minier



More information about the Pbuilder-maint mailing list