visudo enhancement to edit-syntax-check arbitrary files
Bob Proulx
rwp at hprwp.fc.hp.com
Fri Dec 14 16:09:28 EST 2001
> >Oh, you mean the "suedit" idea. Sorry, yes, I was confused by
> >the mail Subject here. I don't object to the idea of "suedit",
> >though I'm not sure whether or not it should really be part of
> >visudo or a separate program/script.
> >
> >But it will have to wait until after sudo 1.6.4 is out.
>
> It's a pretty major change, so I can appreciate that you would not
> release it without some serious thought.
I rather liked the idea of a "helper" program, which would give up
superuser access to become a non-privileged user for spawning subtasks
in general, and then resume root afterward. I can't think of anything
right now but if that was general purpose then other needs than just
editing files would present themselves. I would not limit it to just
editing files.
I would not modify sudo in any way. IMNHO this should be a separate
utility. Keep the design modular and each program focused on what it
does best. Creeping features and code bloat lead to undiscovered bugs
which in turn cause security issues when dealing with suid programs.
Bob
More information about the sudo-workers
mailing list