From: Richard B. <ri...@us...> - 2008-10-16 18:45:22
We just upgraded the sudo RPM on our AIX systems to the latest one available (sudo-1.6.9p15-2noldap). One thing we noticed is that the AUTHSTATE environment variable is passed through to the command environment ONLY when sudo prompts you for your password, as seen here:

/home/richb> env | grep AUTH
AUTHSTATE=LDAP
/home/richb> sudo env | grep AUTH
Password:
AUTHSTATE=LDAP
/home/richb> sudo env | grep AUTH
/home/richb> sudo -k
/home/richb> sudo env | grep AUTH
Password:
AUTHSTATE=LDAP
/home/richb> sudo env | grep AUTH
/home/richb> sudo grep AUTH /etc/sudoers
Defaults env_delete=AUTHSTATE

What is really interesting is that we have always had an env_delete=AUTHSTATE line in our sudoers file (since we DO NOT want AUTHSTATE passed through) but unfortunately it seems to be ignored in this version. I know that this version of sudo has the env_reset setting enabled by default so we really shouldn't need the env_delete=AUTHSTATE statement any more. I have tried the above scenario without the env_delete=AUTHSTATE in /etc/sudoers but the behavior is the same as above (i.e. any time sudo prompts for your password the AUTHSTATE environment variable appears in the command environment being executed by sudo).

So this seems like a bug to me and I wanted to see if it could be fixed or if someone could suggest a workaround.

Thanks in advance,
Rich