[sudo-users] prevent sudoedit from using $EDITOR
niklasfree at gmail.com
Fri Feb 15 10:51:19 EST 2008
I use emacs but as you know one should not allow any user to start
emacs as root because any command can be executed from within emacs.
So I tried:
Defaults editor=/usr/bin/nano, !env_editor
Now when I run visudo it uses nano but what I wanted is that when a
user runs sudoedit /allowed-file that nano is used instead of emacs.
Two things I don't understand here:
(1) Why is there even an option !env_editor that forces use of
'editor' for visudo? I can't see how this improves security at all or
any other reason why anyone would want to use a different editor to
edit /etc/sudoers than for everything else. Once a user gains access
to /etc/sudores he can do whatever he wants anyway.
(2) But if !env_editor had an effect on sudoedit this would improve
security. Why isn't that done? Am I missing some other option that
does this? Just setting VISUAL/EDITOR does not seam to be enough, the
user could just change it before using sudoedit.
And one more thing, assuming that I am somehow able to prevent the
user from starting emacs and executing any command he wants:
(3) I did run a quick test and tried to write to a file that is only
writable by root after starting emacs like this.
user# sudoedit /the-only-allowed-file
This was not possible, which obviously is what I wanted. But I don't
understand how this is possible and as long as I don't know a little
more about it, I won't trust it enought to enable sudoedit at all.
More information about the sudo-users