sudo: pass env variables without /usr/bin/env

Using /usr/bin/env as a frontend for the actual command
prevents sudoers from restricting allowed commands and configuring
detailed command environment.

Library/Homebrew/system_command.rb

@@ -121,7 +121,7 @@ class SystemCommand
 
   sig { returns(T::Array[String]) }
   def command
-    [*sudo_prefix, *env_args, executable.to_s, *expanded_args]
+    [*command_prefix, executable.to_s, *expanded_args]
   end
 
   private
@@ -154,15 +154,23 @@ class SystemCommand
 
     return [] if set_variables.empty?
 
-    ["/usr/bin/env", *set_variables]
+    set_variables
   end
 
   sig { returns(T::Array[String]) }
   def sudo_prefix
-    return [] unless sudo?
-
     askpass_flags = ENV.key?("SUDO_ASKPASS") ? ["-A"] : []
-    ["/usr/bin/sudo", *askpass_flags, "-E", "--"]
+    ["/usr/bin/sudo", *askpass_flags, "-E", *env_args, "--"]
+  end
+
+  sig { returns(T::Array[String]) }
+  def env_previx
+    ["/usr/bin/env", *env_args]
+  end
+
+  sig { returns(T::Array[String]) }
+  def command_prefix
+    sudo? ? sudo_prefix : env_previx
   end
 
   sig { returns(T::Array[String]) }

Library/Homebrew/test/system_command_spec.rb

@@ -54,8 +54,8 @@ describe SystemCommand do
           expect(Open3)
             .to receive(:popen3)
             .with(
-              an_instance_of(Hash), ["/usr/bin/sudo", "/usr/bin/sudo"], "-E", "--",
-              "/usr/bin/env", "A=1", "B=2", "C=3", "env", *env_args, pgroup: nil
+              an_instance_of(Hash), ["/usr/bin/sudo", "/usr/bin/sudo"], "-E",
+              "A=1", "B=2", "C=3", "--", "env", *env_args, pgroup: nil
             )
             .and_wrap_original do |original_popen3, *_, &block|
               original_popen3.call("true", &block)