visudo enhancement to edit-syntax-check arbitrary files

Todd C. Miller Todd.Miller at
Fri Dec 14 12:30:48 EST 2001

In message <15385.45506.461372.951014 at>
	so spake  (bill):

> My understanding is that visudo requires you to already be root.  I
> think that it is important to have the editor *not* run as uid 0 due
> to the fact that you can launch sub-processes, edit other files, etc.
> See the CAVEATS section in the man page for visudo.

I see no point in running visudo as a uid other than 0 since if
you can edit sudoers, you can grant yourself permission to run
whatever you like.

 - todd

More information about the sudo-workers mailing list