suedit revisited?

[William R Ward]

A while ago I proposed a new utility called "suedit" which would allow
one to edit files that one does not ordinarly have write permission
on, without giving away the farm (since most editors allow shell
escapes).

But that was in the middle of a big push to get a new version of sudo
out, so discussion on it was tabled.  I'd like to bring it up again
though, since I still think it's a good idea.

Here's a rough outline of the pseudocode as I see it:

* Use root privileges to copy the file, owned by the real user, mode 600.
* Use user privileges to $EDITOR the copy of the file. (or $VISUAL if
  run as suvi)
* Use root privileges to copy the edited file back to the original location.

File locking should be employed, at a minimum so that other suedit
sessions won't interfere, but ideally so that other editors will
refuse to edit the file when run by root directly.

While this can be done as a shell script, for optimum security and to
make the config file easy to update, I think it should be done as a
binary.

Comments?  Questions?  Ideas?

-- 
William R Ward            bill at wards.net          http://www.wards.net/~bill/
-----------------------------------------------------------------------------
AMAZING BUT TRUE: There is so much sand in northern Africa that if it were
                  spread out it would completely cover the Sahara Desert!