Disable environment hooks after we get user_env back to make sure

a plugin can't to modify user_env after we "own" it.  This is kind
of a hack but we don't want the init_session plugin function to
modify user_env.

src/hooks.c

@@ -278,3 +278,29 @@ deregister_hook(struct sudo_hook *hook)
 
     debug_return_int(rval);
 }
+
+/* Deregister all environment handling hooks. */
+void
+deregister_env_hooks(void)
+{
+    struct sudo_hook_list *tofree;
+    debug_decl(deregister_env_hooks, SUDO_DEBUG_HOOKS)
+
+    while ((tofree = sudo_hook_setenv_list) != NULL) {
+	sudo_hook_setenv_list = sudo_hook_setenv_list->next;
+	efree(tofree);
+    }
+    while ((tofree = sudo_hook_unsetenv_list) != NULL) {
+	sudo_hook_unsetenv_list = sudo_hook_unsetenv_list->next;
+	efree(tofree);
+    }
+    while ((tofree = sudo_hook_getenv_list) != NULL) {
+	sudo_hook_getenv_list = sudo_hook_getenv_list->next;
+	efree(tofree);
+    }
+    while ((tofree = sudo_hook_putenv_list) != NULL) {
+	sudo_hook_putenv_list = sudo_hook_putenv_list->next;
+	efree(tofree);
+    }
+    debug_return;
+}

src/sudo.c

@@ -287,6 +287,10 @@ main(int argc, char *argv[], char *envp[])
 			plugin->name);
 		}
 	    }
+	    /* Now that we have the command's environment, disable env hooks. */
+	    deregister_env_hooks();
+
+	    /* Setup command details and run command/edit. */
 	    command_info_to_details(command_info, &command_details);
 	    command_details.argv = argv_out;
 	    command_details.envp = user_env_out;

src/sudo.h

@@ -231,6 +231,7 @@ int process_hooks_getenv(const char *name, char **val);
 int process_hooks_setenv(const char *name, const char *value, int overwrite);
 int process_hooks_putenv(char *string);
 int process_hooks_unsetenv(const char *name);
+void deregister_env_hooks(void);
 
 /* interfaces.c */
 int get_net_ifs(char **addrinfo);