[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: vipw and vigr default editor

On Fri, Jan 05, 2018 at 09:37:16PM +0100, Ulf Volmer wrote:
> That basically keeps the *whole* environment, what is usually a security
> issue. Better solution is to keep only needed and proved environment
> variables using
> Defaults  env_keep += "EDITOR"
Allowing the EDITOR variable through is a gigantic security issue.  Its
value gets passed as a command to the shell:

roberto@debian:~$ sudo EDITOR='echo "I have the power!"' vipw
I have the power! /etc/passwd.edit
vipw: /etc/passwd is unchanged

There is essentially no functional difference between allowing only the
EDITOR variable and any arbitrary environment variable.  Allowing EDITOR
(or PAGER, or any other thing that sets the name of a command to
execute) through to sudo provides an effective route to bypass any sudo



Roberto C. Sánchez

Reply to: