visudo enhancement to edit-syntax-check arbitrary files
Todd C. Miller
Todd.Miller at courtesan.com
Fri Dec 14 12:30:48 EST 2001
In message <15385.45506.461372.951014 at komodo.home.wards.net>
so spake (bill):
> My understanding is that visudo requires you to already be root. I
> think that it is important to have the editor *not* run as uid 0 due
> to the fact that you can launch sub-processes, edit other files, etc.
> See the CAVEATS section in the man page for visudo.
I see no point in running visudo as a uid other than 0 since if
you can edit sudoers, you can grant yourself permission to run
whatever you like.
- todd
More information about the sudo-workers
mailing list