sudo/sudo-1.7.1-secure_path.diff

Index: env.c
===================================================================
--- env.c.orig
+++ env.c
@@ -700,7 +700,7 @@ rebuild_env(sudo_mode, noexec)
 	}
     }
     /* Replace the PATH envariable with a secure one? */
-    if (def_secure_path && !user_is_exempt()) {
+    if (def_secure_path && !user_is_exempt() && def_env_reset) {
 	sudo_setenv("PATH", def_secure_path, TRUE);
 	SET(didvar, DID_PATH);
     }
Index: find_path.c
===================================================================
--- find_path.c.orig
+++ find_path.c
@@ -87,7 +87,7 @@ find_path(infile, outfile, sbp, path)
     }
 
     /* Use PATH passed in unless SECURE_PATH is in effect.  */
-    if (def_secure_path && !user_is_exempt())
+    if (def_secure_path && !user_is_exempt() && def_env_reset)
 	path = def_secure_path;
     else if (path == NULL)
 	return(NOT_FOUND);
Index: logging.c
===================================================================
--- logging.c.orig
+++ logging.c
@@ -434,7 +434,7 @@ send_mail(line)
 #ifndef NO_ROOT_MAILER
     static char *root_envp[] = {
 	"HOME=/",
-	"PATH=/usr/bin:/bin",
+	"PATH=/usr/sbin:/bin:/usr/bin:/sbin",
 	"LOGNAME=root",
 	"USERNAME=root",
 	"USER=root",
Index: pathnames.h.in
===================================================================
--- pathnames.h.in.orig
+++ pathnames.h.in
@@ -41,9 +41,10 @@
 #define _PATH_DEVNULL		"/dev/null"
 #endif /* _PATH_DEVNULL */
 
-#ifndef _PATH_DEFPATH
-#define _PATH_DEFPATH		"/usr/bin:/bin"
-#endif /* _PATH_DEFPATH */
+/*
+ * _PATH_DEFPATH included from <paths.h> contains only "/usr/bin:/bin"
+ */
+#define _PATH_DEFPATH		"/usr/sbin:/bin:/usr/bin:/sbin"
 
 #ifndef _PATH_ENVIRONMENT
 #define _PATH_ENVIRONMENT	"/etc/environment"