linux – Why does sudo remove environment variables by default?


The sudo command has the -E option that allows users to pass through all environment variables, although it’s still subject to the security policy configuration. So, is the use of -E inherently unsafe? Can someone offer a specific example of how this could be misused?