Update to sudo 1.6.9p1. Note that the environment handling in sudo

1.6.9 has changed relative to older versions.  Sudo now starts
commands with a minimal environment containing the variables in the
env_keep and env_check lists.  This behavior is configurable in the
sudoers file.  Please see the "SECURITY NOTES" section in the sudo
manual.

1 files changed, 15 insertions, 5 deletions

diff --git a/usr.bin/sudo/parse.lex b/usr.bin/sudo/parse.lex
index 6e904626d3d..a77c03800fb 100644
--- a/usr.bin/sudo/parse.lex
+++ b/usr.bin/sudo/parse.lex
@@ -1,6 +1,7 @@
 %{
 /*
- * Copyright (c) 1996, 1998-2004 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 1996, 1998-2004, 2007
+ *	Todd C. Miller <Todd.Miller@courtesan.com>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -22,7 +23,7 @@
  * Materiel Command, USAF, under agreement number F39502-99-1-0512.
  */
 
-#include "config.h"
+#include <config.h>
 
 #include <sys/types.h>
 #include <sys/param.h>
@@ -54,7 +55,7 @@
 #include <sudo.tab.h>
 
 #ifndef lint
-static const char rcsid[] = "$Sudo: parse.lex,v 1.132 2004/05/17 20:51:13 millert Exp $";
+__unused static const char rcsid[] = "$Sudo: parse.lex,v 1.132.2.3 2007/06/23 21:36:48 millert Exp $";
 #endif /* lint */
 
 #undef yywrap		/* guard against a yywrap macro */
@@ -228,6 +229,16 @@ EXEC[[:blank:]]*:	{
 			    	return(EXEC);
 			}
 
+SETENV[[:blank:]]*:	{
+			    	LEXTRACE("SETENV ");
+			    	return(SETENV);
+			}
+
+NOSETENV[[:blank:]]*:	{
+			    	LEXTRACE("NOSETENV ");
+			    	return(NOSETENV);
+			}
+
 \+{WORD}		{
 			    /* netgroup */
 			    fill(yytext, yyleng);
@@ -433,8 +444,7 @@ fill_args(s, len, addspace)
 	    (char *) realloc(yylval.command.args, arg_size) :
 	    (char *) malloc(arg_size);
 	if (p == NULL) {
-	    if (yylval.command.args != NULL)
-		free(yylval.command.args);
+	    efree(yylval.command.args);
 	    yyerror("unable to allocate memory");
 	    return;
 	} else