[sudo-users] prevent sudoedit from using $EDITOR
Todd C. Miller
Todd.Miller at courtesan.com
Fri Feb 15 15:21:38 EST 2008
In message <92e3e00f0802150751m5ae0619fxbbf77b996234771b at mail.gmail.com>
so spake "Niklas Freeman" (niklasfree):
> (2) But if !env_editor had an effect on sudoedit this would improve
> security. Why isn't that done? Am I missing some other option that
> does this? Just setting VISUAL/EDITOR does not seam to be enough, the
> user could just change it before using sudoedit.
>
> And one more thing, assuming that I am somehow able to prevent the
> user from starting emacs and executing any command he wants:
>
> (3) I did run a quick test and tried to write to a file that is only
> writable by root after starting emacs like this.
>
> user# sudoedit /the-only-allowed-file
>
> This was not possible, which obviously is what I wanted. But I don't
> understand how this is possible and as long as I don't know a little
> more about it, I won't trust it enought to enable sudoedit at all.
The whole point using of sudoedit is that the editor is run as the
invoking user and not as the privileged user. If you sudoedit a
file using emacs, escape to a shell and run the id command. You
will see that you are *not* root; that's the point of sudoedit.
You are really only editing a temporary file which gets copied into
place by sudoedit after the editor has finished.
- todd
More information about the sudo-users
mailing list