From af6f43a7dff5b3226c823efe917fb9287ebe64da Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alejandro=20L=C3=B3pez?=
Date: Fri, 7 Nov 2025 16:05:42 +0100
Subject: [PATCH] - Resolves: RHEL-59136 - sudo passes SHELL environment variable twice to the shell being executed [rhel-10] - Resolves: RHEL-128212 - [RFE] request to backport support for regex in sudo [rhel-10] - Resolves: RHEL-112100 - Rebase of sudo to 1.9.17p2 [rhel-10]
---
...Avoid-setting-SHELL-twice-for-sudo-i.patch | 32 +++++++++++++++++++
sudo.spec | 1 +
2 files changed, 33 insertions(+)
create mode 100644 0003-rebuild_env-Avoid-setting-SHELL-twice-for-sudo-i.patch
diff --git a/0003-rebuild_env-Avoid-setting-SHELL-twice-for-sudo-i.patch b/0003-rebuild_env-Avoid-setting-SHELL-twice-for-sudo-i.patch
new file mode 100644
index 0000000..a8d0819
--- /dev/null
+++ b/0003-rebuild_env-Avoid-setting-SHELL-twice-for-sudo-i.patch
@@ -0,0 +1,32 @@
+From 3d467a705ea6ee53081cb11cc21ecf08eb47700d Mon Sep 17 00:00:00 2001
+From: "Todd C. Miller"
+Date: Thu, 6 Nov 2025 12:05:24 -0700
+Subject: [PATCH] rebuild_env: Avoid setting SHELL twice for "sudo -i"
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Make sure DID_SHELL is set when we set SHELL in the "sudo -i" case.
+Otherwise, it will be set again when setting fallback values.
+Reported by Alejandro López at Red Hat.
+
+The code to make sure that SHELL is setu
+---
+ plugins/sudoers/env.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/plugins/sudoers/env.c b/plugins/sudoers/env.c
+index 866ef3991..61b615513 100644
+--- a/plugins/sudoers/env.c
++++ b/plugins/sudoers/env.c
+@@ -966,6 +966,7 @@ rebuild_env(const struct sudoers_context *ctx)
+ if (ISSET(ctx->mode, MODE_LOGIN_SHELL)) {
+ CHECK_SETENV2("SHELL", ctx->runas.pw->pw_shell,
+ ISSET(didvar, DID_SHELL), true);
++ SET(didvar, DID_SHELL);
+ #ifdef _AIX
+ CHECK_SETENV2("LOGIN", ctx->runas.pw->pw_name,
+ ISSET(didvar, DID_LOGIN), true);
+--
+2.51.1
+
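Review bot: The added `SET(didvar, DID_SHELL);` in the `MODE_LOGIN_SHELL` branch of `rebuild_env()` has no comment saying why the flag must be recorded here, and the `LOGIN` (AIX) call right below it passes `ISSET(didvar, DID_LOGIN)` the same way without a matching `SET` inside this hunk. A one-line comment such as `/* Mark SHELL as done so the fallback defaults later in rebuild_env() do not add a second SHELL entry. */` would keep the fix from being lost in a later rebase. Whether `DID_LOGIN` and the variables set after it need the same treatment cannot be told from here, because the branch continues past the end of the hunk; it is worth confirming, since a duplicated variable in the environment of a privileged command may be resolved differently by programs that take the first or the last occurrence. The embedded commit message also ends mid-word (`SHELL is setu`), so the patch file should be compared against upstream commit 3d467a705ea6ee53081cb11cc21ecf08eb47700d before it ships.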
diff --git a/sudo.spec b/sudo.spec index 50bd8fa..ddd5c99 100644 --- a/sudo.spec +++ b/sudo.spec @@ -34,6 +34,7 @@ BuildRequires: zlib-devel Patch1: 0001-coverity.patch Patch2: 0002-sudo-conf.patch +Patch3: 0003-rebuild_env-Avoid-setting-SHELL-twice-for-sudo-i.patch %description Sudo (superuser do) allows a system administrator to give certain