by herczegzsolt 728 days ago
The argument is that, in the case of sudo, the caller (potential attacker) controls the environment. In many cases, software or libraries are not made with a hostile environment in mind. Think of LD_PRELOAD or PATH ...

When there's a daemon running in the background, the attack surface is more commonly understood. The environment is not under attacker control.

Libraries rarely treat data from a socket as "trusted" but often blindly trust environment variables, or stdin/stdout/stderr.


That has nothing to do with setuid, and is a very different argument from an unqualified "suid feature is huge security hole."

sudo etc. already clear much of the environment. And you're going to want to keep some of it because people expect "sudo foo" to work (which you can't do without PATH).
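Both comments above turn on the same mechanism: a privileged helper must not inherit a caller-controlled environment, yet it still needs a PATH for "sudo foo" to resolve. The following is an added illustration of that scrubbing step, not code from sudo or from either commenter; the whitelist `KEEP`, the fixed `SAFE_PATH` and the constructed caller environment are all assumptions chosen for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Variables a privileged helper is allowed to inherit from its caller.
 * Everything else (LD_PRELOAD, LD_LIBRARY_PATH, the caller's PATH, ...)
 * is dropped. Illustrative whitelist only, not sudo's real env_keep list. */
static const char *const KEEP[] = { "TERM", "LANG", "HOME", NULL };

/* PATH is never inherited; a fixed, trusted value is supplied instead. */
#define SAFE_PATH "PATH=/usr/bin:/bin"

/* True if `entry` ("NAME=value") names a whitelisted variable. */
static int is_kept(const char *entry) {
    for (int i = 0; KEEP[i]; i++) {
        size_t n = strlen(KEEP[i]);
        if (strncmp(entry, KEEP[i], n) == 0 && entry[n] == '=')
            return 1;
    }
    return 0;
}

/* Build a NULL-terminated environment from `in`, keeping only whitelisted
 * entries and appending the fixed PATH. Caller frees the returned array;
 * the strings point into `in` or static storage and are not copied. */
char **build_clean_env(char *const in[]) {
    size_t n = 0;
    while (in[n]) n++;
    char **out = calloc(n + 2, sizeof *out); /* room for PATH + NULL */
    if (!out) return NULL;
    size_t k = 0;
    for (size_t i = 0; i < n; i++)
        if (is_kept(in[i])) out[k++] = in[i];
    out[k++] = (char *)SAFE_PATH;
    out[k] = NULL;
    return out;
}

/* Number of entries in a NULL-terminated array (used by checks). */
size_t env_len(char *const env[]) { size_t n = 0; while (env[n]) n++; return n; }

int main(void) {
    /* Constructed caller environment: two entries a hostile caller could
     * use to influence a setuid program, two benign ones. */
    char *caller[] = { "LD_PRELOAD=/tmp/untrusted.so", "PATH=/tmp:/usr/bin",
                       "TERM=xterm", "HOME=/home/user", NULL };
    char **clean = build_clean_env(caller);
    for (size_t i = 0; clean && clean[i]; i++) puts(clean[i]);
    free(clean);
    return 0;
}
```

The cleaned array is what the helper would pass to execve(); the dynamic loader's own setuid protections are a separate layer and do not cover the program's own use of PATH.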