Re: vipw and vigr default editor
On Fri, Jan 05, 2018 at 09:37:16PM +0100, Ulf Volmer wrote:
>
> That basically keeps the *whole* environment, what is usually a security
> issue. Better solution is to keep only needed and proved environment
> variables using
>
> Defaults env_keep += "EDITOR"
>
Allowing the EDITOR variable through is a gigantic security issue. Its
value gets passed as a command to the shell:
roberto@debian:~$ sudo EDITOR='echo "I have the power!"' vipw
I have the power! /etc/passwd.edit
vipw: /etc/passwd is unchanged
There is essentially no functional difference between allowing only the
EDITOR variable and any arbitrary environment variable. Allowing EDITOR
(or PAGER, or any other thing that sets the name of a command to
execute) through to sudo provides an effective route to bypass any sudo
restrictions.
Regards,
-Roberto
--
Roberto C. Sánchez
Reply to: