24 lines
910 B
Diff
24 lines
910 B
Diff
--- sudoers
|
|
+++ sudoers
|
|
@@ -13,6 +13,20 @@
|
|
|
|
# Defaults specification
|
|
|
|
+# prevent environment variables from influencing programs in an
|
|
+# unexpected or harmful way (CVE-2005-2959, CVE-2005-4158,
|
|
+# CVE-2006-0151)
|
|
+Defaults always_set_home
|
|
+Defaults env_reset
|
|
+Defaults env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS"
|
|
+
|
|
+# In the default (unconfigured) configuration, sudo asks for the root password.
|
|
+# This allows use of an ordinary user account for administration of a freshly
|
|
+# installed system. When configuring sudo, delete the two
|
|
+# following lines:
|
|
+Defaults targetpw # ask for the password of the target user i.e. root
|
|
+ALL ALL=(ALL) ALL # WARNING! Only use this together with 'Defaults targetpw'!
|
|
+
|
|
# Runas alias specification
|
|
|
|
# User privilege specification
|