83 lines
		
	
	
		
			2.9 KiB
		
	
	
	
		
			Diff
		
	
	
	
	
	
			
		
		
	
	
			83 lines
		
	
	
		
			2.9 KiB
		
	
	
	
		
			Diff
		
	
	
	
	
	
| Description: Add a -E option, exposing all environment variables
 | |
|  Some system tools (such as ubuntu-release-upgrader) read XDG* (etc.), so allow the user to opt-in to preserving those.
 | |
| Author: Simon Quigley <tsimonq2@lubuntu.me>
 | |
| Origin: upstream
 | |
| Forwarded: https://github.com/lxqt/lxqt-sudo/pull/204
 | |
| Last-Update: 2023-10-11
 | |
| ---
 | |
| This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
 | |
| --- a/sudo.cpp
 | |
| +++ b/sudo.cpp
 | |
| @@ -84,6 +84,7 @@ namespace
 | |
|                      "    -s|--su        Use %3(1) as backend.\n"
 | |
|                      "    -d|--sudo      Use %2(8) as backend.\n"
 | |
|                      "    -a|--doas      Use %4(1) as backend.\n"
 | |
| +                    "    -E|--keep-env  Preserve all existing environment variables.\n"
 | |
|                      "  command          Command to run.\n"
 | |
|                      "  arguments        Optional arguments for command.\n\n").arg(app_master).arg(sudo_prog).arg(su_prog).arg(doas_prog);
 | |
|          if (!err.isEmpty())
 | |
| @@ -114,8 +115,13 @@ namespace
 | |
|      };
 | |
|      assert_helper h;
 | |
|  
 | |
| -    inline std::string env_workarounds()
 | |
| +    inline std::string env_workarounds(bool preserveEnv)
 | |
|      {
 | |
| +        if (preserveEnv) {
 | |
| +            std::cerr << LXQTSUDO << ": Preserving all environment variables.\n";
 | |
| +            return "";
 | |
| +        }
 | |
| +
 | |
|          std::cerr << LXQTSUDO << ": Stripping child environment except for: ";
 | |
|          std::ostringstream left_env_params;
 | |
|          std::copy(ALLOWED_VARS, ALLOWED_END - 1, std::ostream_iterator<const char *>{left_env_params, ","});
 | |
| @@ -196,6 +202,10 @@ int Sudo::main()
 | |
|          {
 | |
|              mBackend = BACK_DOAS;
 | |
|              mArgs.removeAt(0);
 | |
| +        } else if (QStringLiteral("-E") == arg1 || QStringLiteral("--keep-env") == arg1)
 | |
| +        {
 | |
| +            mPreserveEnv = true;
 | |
| +            mArgs.removeAt(0);
 | |
|          }
 | |
|      }
 | |
|      //any other arguments we simply forward to su/sudo
 | |
| @@ -287,11 +297,13 @@ void Sudo::child()
 | |
|      switch (mBackend)
 | |
|      {
 | |
|          case BACK_SUDO:
 | |
| -            preserve_env_param = "--preserve-env=";
 | |
| -
 | |
| -            preserve_env_param += env_workarounds();
 | |
| -
 | |
| -            *(param_arg++) = preserve_env_param.c_str(); //preserve environment
 | |
| +            if(!mPreserveEnv) {
 | |
| +                preserve_env_param = "--preserve-env=";
 | |
| +                preserve_env_param += env_workarounds(mPreserveEnv);
 | |
| +            } else {
 | |
| +                preserve_env_param = "--preserve-env";
 | |
| +            }
 | |
| +            *(param_arg++) = preserve_env_param.c_str();
 | |
|              *(param_arg++) = "/bin/sh";
 | |
|              break;
 | |
|          case BACK_DOAS:
 | |
| @@ -299,7 +311,7 @@ void Sudo::child()
 | |
|              [[fallthrough]];
 | |
|          case BACK_SU:
 | |
|          case BACK_NONE:
 | |
| -            env_workarounds();
 | |
| +            env_workarounds(mPreserveEnv);
 | |
|              break;
 | |
|  
 | |
|      }
 | |
| --- a/sudo.h
 | |
| +++ b/sudo.h
 | |
| @@ -81,6 +81,7 @@ private:
 | |
|      int mChildPid;
 | |
|      int mPwdFd;
 | |
|      int mRet;
 | |
| +    bool mPreserveEnv = false;
 | |
|  };
 | |
|  
 | |
|  #endif //SUDO_H
 |