isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Substitute the value of EDITOR into the sudoers and visudo manuals.

Browse Source
This commit is contained in:
Todd C. Miller
2010-07-14 09:33:53 -04:00
parent fde091cc00
commit 26ca852a98
9 changed files with 169 additions and 185 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
aclocal.m4 vendored
View File

@@ -35,25 +35,19 @@ fi
])dnl ])dnl
dnl dnl
dnl check for vi dnl check for vi in well-known locations
dnl dnl
AC_DEFUN(SUDO_PROG_VI, [AC_MSG_CHECKING(for vi) AC_DEFUN(SUDO_PROG_VI, [AC_MSG_CHECKING([for vi])
if test -f "/usr/bin/vi"; then found=no
AC_MSG_RESULT(/usr/bin/vi) for editor in "/usr/bin/vi" "/bin/vi" "/usr/ucb/vi" "/usr/bsd/vi" "/usr/local/bin/vi"; do
SUDO_DEFINE(_PATH_VI, "/usr/bin/vi") if test -f "$editor"; then
elif test -f "/usr/ucb/vi"; then found=yes
AC_MSG_RESULT(/usr/ucb/vi) AC_MSG_RESULT([$editor])
SUDO_DEFINE(_PATH_VI, "/usr/ucb/vi") SUDO_DEFINE_UNQUOTED(_PATH_VI, "$editor")
elif test -f "/usr/bsd/vi"; then break
AC_MSG_RESULT(/usr/bsd/vi) fi
SUDO_DEFINE(_PATH_VI, "/usr/bsd/vi") done
elif test -f "/bin/vi"; then if test X"$found" != X"no"; then
AC_MSG_RESULT(/bin/vi)
SUDO_DEFINE(_PATH_VI, "/bin/vi")
elif test -f "/usr/local/bin/vi"; then
AC_MSG_RESULT(/usr/local/bin/vi)
SUDO_DEFINE(_PATH_VI, "/usr/local/bin/vi")
else
AC_MSG_RESULT(not found) AC_MSG_RESULT(not found)
fi fi
])dnl ])dnl

93
configure vendored
View File

@@ -785,6 +785,7 @@ OBJEXT
EXEEXT EXEEXT
ac_ct_CC ac_ct_CC
CC CC
editor
secure_path secure_path
netsvc_conf netsvc_conf
nsswitch_conf nsswitch_conf
@@ -2780,6 +2781,7 @@ $as_echo "$as_me: Configuring Sudo version $PACKAGE_VERSION" >&6;}
# #
@@ -2807,6 +2809,7 @@ badpass_message="Sorry, try again."
fqdn=off fqdn=off
runas_default=root runas_default=root
env_editor=off env_editor=off
editor=vi
passwd_tries=3 passwd_tries=3
tty_tickets=off tty_tickets=off
insults=off insults=off
@@ -4682,6 +4685,7 @@ _ACEOF
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_editor" >&5 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_editor" >&5
$as_echo "$with_editor" >&6; } $as_echo "$with_editor" >&6; }
editor="$with_editor"
;; ;;
esac esac
else else
@@ -5082,10 +5086,9 @@ if test "${with_askpass+set}" = set; then :
yes) as_fn_error "\"--with-askpass takes a path as an argument.\"" "$LINENO" 5 yes) as_fn_error "\"--with-askpass takes a path as an argument.\"" "$LINENO" 5
;; ;;
no) ;; no) ;;
*) *) cat >>confdefs.h <<EOF
cat >>confdefs.h <<_ACEOF
#define _PATH_SUDO_ASKPASS "$with_askpass" #define _PATH_SUDO_ASKPASS "$with_askpass"
_ACEOF EOF
;; ;;
esac esac
@@ -6934,13 +6937,13 @@ if test "${lt_cv_nm_interface+set}" = set; then :
else else
lt_cv_nm_interface="BSD nm" lt_cv_nm_interface="BSD nm"
echo "int some_variable = 0;" > conftest.$ac_ext echo "int some_variable = 0;" > conftest.$ac_ext
(eval echo "\"\$as_me:6937: $ac_compile\"" >&5) (eval echo "\"\$as_me:6940: $ac_compile\"" >&5)
(eval "$ac_compile" 2>conftest.err) (eval "$ac_compile" 2>conftest.err)
cat conftest.err >&5 cat conftest.err >&5
(eval echo "\"\$as_me:6940: $NM \\\"conftest.$ac_objext\\\"\"" >&5) (eval echo "\"\$as_me:6943: $NM \\\"conftest.$ac_objext\\\"\"" >&5)
(eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out) (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out)
cat conftest.err >&5 cat conftest.err >&5
(eval echo "\"\$as_me:6943: output\"" >&5) (eval echo "\"\$as_me:6946: output\"" >&5)
cat conftest.out >&5 cat conftest.out >&5
if $GREP 'External.*some_variable' conftest.out > /dev/null; then if $GREP 'External.*some_variable' conftest.out > /dev/null; then
lt_cv_nm_interface="MS dumpbin" lt_cv_nm_interface="MS dumpbin"
@@ -8145,7 +8148,7 @@ ia64-*-hpux*)
;; ;;
*-*-irix6*) *-*-irix6*)
# Find out which ABI we are using. # Find out which ABI we are using.
echo '#line 8148 "configure"' > conftest.$ac_ext echo '#line 8151 "configure"' > conftest.$ac_ext
if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
(eval $ac_compile) 2>&5 (eval $ac_compile) 2>&5
ac_status=$? ac_status=$?
@@ -9406,11 +9409,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'` -e 's:$: $lt_compiler_flag:'`
(eval echo "\"\$as_me:9409: $lt_compile\"" >&5) (eval echo "\"\$as_me:9412: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err) (eval "$lt_compile" 2>conftest.err)
ac_status=$? ac_status=$?
cat conftest.err >&5 cat conftest.err >&5
echo "$as_me:9413: \$? = $ac_status" >&5 echo "$as_me:9416: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized # The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output. # So say no if there are warnings other than the usual output.
@@ -9745,11 +9748,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'` -e 's:$: $lt_compiler_flag:'`
(eval echo "\"\$as_me:9748: $lt_compile\"" >&5) (eval echo "\"\$as_me:9751: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err) (eval "$lt_compile" 2>conftest.err)
ac_status=$? ac_status=$?
cat conftest.err >&5 cat conftest.err >&5
echo "$as_me:9752: \$? = $ac_status" >&5 echo "$as_me:9755: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized # The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output. # So say no if there are warnings other than the usual output.
@@ -9850,11 +9853,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'` -e 's:$: $lt_compiler_flag:'`
(eval echo "\"\$as_me:9853: $lt_compile\"" >&5) (eval echo "\"\$as_me:9856: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err) (eval "$lt_compile" 2>out/conftest.err)
ac_status=$? ac_status=$?
cat out/conftest.err >&5 cat out/conftest.err >&5
echo "$as_me:9857: \$? = $ac_status" >&5 echo "$as_me:9860: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext if (exit $ac_status) && test -s out/conftest2.$ac_objext
then then
# The compiler can only warn and ignore the option if not recognized # The compiler can only warn and ignore the option if not recognized
@@ -9905,11 +9908,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'` -e 's:$: $lt_compiler_flag:'`
(eval echo "\"\$as_me:9908: $lt_compile\"" >&5) (eval echo "\"\$as_me:9911: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err) (eval "$lt_compile" 2>out/conftest.err)
ac_status=$? ac_status=$?
cat out/conftest.err >&5 cat out/conftest.err >&5
echo "$as_me:9912: \$? = $ac_status" >&5 echo "$as_me:9915: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext if (exit $ac_status) && test -s out/conftest2.$ac_objext
then then
# The compiler can only warn and ignore the option if not recognized # The compiler can only warn and ignore the option if not recognized
@@ -12272,7 +12275,7 @@ else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<_LT_EOF cat > conftest.$ac_ext <<_LT_EOF
#line 12275 "configure" #line 12278 "configure"
#include "confdefs.h" #include "confdefs.h"
#if HAVE_DLFCN_H #if HAVE_DLFCN_H
@@ -12368,7 +12371,7 @@ else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<_LT_EOF cat > conftest.$ac_ext <<_LT_EOF
#line 12371 "configure" #line 12374 "configure"
#include "confdefs.h" #include "confdefs.h"
#if HAVE_DLFCN_H #if HAVE_DLFCN_H
@@ -13792,42 +13795,20 @@ fi
if test -z "$with_editor"; then if test -z "$with_editor"; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for vi" >&5 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for vi" >&5
$as_echo_n "checking for vi... " >&6; } $as_echo_n "checking for vi... " >&6; }
if test -f "/usr/bin/vi"; then found=no
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: /usr/bin/vi" >&5 for editor in "/usr/bin/vi" "/bin/vi" "/usr/ucb/vi" "/usr/bsd/vi" "/usr/local/bin/vi"; do
$as_echo "/usr/bin/vi" >&6; } if test -f "$editor"; then
cat >>confdefs.h <<\EOF found=yes
#define _PATH_VI "/usr/bin/vi" { $as_echo "$as_me:${as_lineno-$LINENO}: result: $editor" >&5
$as_echo "$editor" >&6; }
cat >>confdefs.h <<EOF
#define _PATH_VI "$editor"
EOF EOF
elif test -f "/usr/ucb/vi"; then break
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: /usr/ucb/vi" >&5 fi
$as_echo "/usr/ucb/vi" >&6; } done
cat >>confdefs.h <<\EOF if test X"$found" != X"no"; then
#define _PATH_VI "/usr/ucb/vi"
EOF
elif test -f "/usr/bsd/vi"; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: /usr/bsd/vi" >&5
$as_echo "/usr/bsd/vi" >&6; }
cat >>confdefs.h <<\EOF
#define _PATH_VI "/usr/bsd/vi"
EOF
elif test -f "/bin/vi"; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: /bin/vi" >&5
$as_echo "/bin/vi" >&6; }
cat >>confdefs.h <<\EOF
#define _PATH_VI "/bin/vi"
EOF
elif test -f "/usr/local/bin/vi"; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: /usr/local/bin/vi" >&5
$as_echo "/usr/local/bin/vi" >&6; }
cat >>confdefs.h <<\EOF
#define _PATH_VI "/usr/local/bin/vi"
EOF
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5 { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5
$as_echo "not found" >&6; } $as_echo "not found" >&6; }
fi fi
@@ -18234,18 +18215,16 @@ if test X"$with_noexec" != X"no" -o X"$with_selinux" != X"no"; then
INSTALL_NOEXEC="install-noexec" INSTALL_NOEXEC="install-noexec"
eval noexec_file="$with_noexec" eval noexec_file="$with_noexec"
cat >>confdefs.h <<EOF
cat >>confdefs.h <<_ACEOF
#define _PATH_SUDO_NOEXEC "$noexec_file" #define _PATH_SUDO_NOEXEC "$noexec_file"
_ACEOF EOF
fi fi
if test X"$with_selinux" != X"no"; then if test X"$with_selinux" != X"no"; then
eval sesh_file="$libexecdir/sesh" eval sesh_file="$libexecdir/sesh"
cat >>confdefs.h <<EOF
cat >>confdefs.h <<_ACEOF
#define _PATH_SUDO_SESH "$sesh_file" #define _PATH_SUDO_SESH "$sesh_file"
_ACEOF EOF
fi fi
eval PLUGINDIR="$with_plugindir" eval PLUGINDIR="$with_plugindir"

9
configure.in
View File

@@ -96,6 +96,7 @@ AC_SUBST([ldap_secret])
AC_SUBST([nsswitch_conf]) AC_SUBST([nsswitch_conf])
AC_SUBST([netsvc_conf]) AC_SUBST([netsvc_conf])
AC_SUBST([secure_path]) AC_SUBST([secure_path])
AC_SUBST([editor])
# #
# Begin initial values for man page substitution # Begin initial values for man page substitution
# #
@@ -121,6 +122,7 @@ badpass_message="Sorry, try again."
fqdn=off fqdn=off
runas_default=root runas_default=root
env_editor=off env_editor=off
editor=vi
passwd_tries=3 passwd_tries=3
tty_tickets=off tty_tickets=off
insults=off insults=off
@@ -847,6 +849,7 @@ AC_ARG_WITH(editor, [AS_HELP_STRING([--with-editor=path], [Default editor for vi
;; ;;
*) AC_DEFINE_UNQUOTED(EDITOR, "$with_editor", [A colon-separated list of pathnames to be used as the editor for visudo.]) *) AC_DEFINE_UNQUOTED(EDITOR, "$with_editor", [A colon-separated list of pathnames to be used as the editor for visudo.])
AC_MSG_RESULT([$with_editor]) AC_MSG_RESULT([$with_editor])
editor="$with_editor"
;; ;;
esac], [AC_DEFINE(EDITOR, _PATH_VI) AC_MSG_RESULT(vi)]) esac], [AC_DEFINE(EDITOR, _PATH_VI) AC_MSG_RESULT(vi)])
@@ -1088,7 +1091,7 @@ AC_ARG_WITH(askpass, [AS_HELP_STRING([--with-askpass=PATH], [Fully qualified pat
yes) AC_MSG_ERROR(["--with-askpass takes a path as an argument."]) yes) AC_MSG_ERROR(["--with-askpass takes a path as an argument."])
;; ;;
no) ;; no) ;;
*) AC_DEFINE_UNQUOTED(_PATH_SUDO_ASKPASS, "$with_askpass", [The fully qualified pathname of askpass]) *) SUDO_DEFINE_UNQUOTED(_PATH_SUDO_ASKPASS, "$with_askpass", [The fully qualified pathname of askpass])
;; ;;
esac], AC_MSG_RESULT(no)) esac], AC_MSG_RESULT(no))
@@ -2741,11 +2744,11 @@ if test X"$with_noexec" != X"no" -o X"$with_selinux" != X"no"; then
INSTALL_NOEXEC="install-noexec" INSTALL_NOEXEC="install-noexec"
eval noexec_file="$with_noexec" eval noexec_file="$with_noexec"
AC_DEFINE_UNQUOTED(_PATH_SUDO_NOEXEC, "$noexec_file", [The fully qualified pathname of sudo_noexec.so]) SUDO_DEFINE_UNQUOTED(_PATH_SUDO_NOEXEC, "$noexec_file", [The fully qualified pathname of sudo_noexec.so])
fi fi
if test X"$with_selinux" != X"no"; then if test X"$with_selinux" != X"no"; then
eval sesh_file="$libexecdir/sesh" eval sesh_file="$libexecdir/sesh"
AC_DEFINE_UNQUOTED(_PATH_SUDO_SESH, "$sesh_file", [The fully qualified pathname of sesh]) SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SESH, "$sesh_file", [The fully qualified pathname of sesh])
fi fi
eval PLUGINDIR="$with_plugindir" eval PLUGINDIR="$with_plugindir"
SUDO_DEFINE_UNQUOTED(_PATH_SUDO_PLUGIN_DIR, "$PLUGINDIR/") SUDO_DEFINE_UNQUOTED(_PATH_SUDO_PLUGIN_DIR, "$PLUGINDIR/")

144
doc/sudoers.cat
View File

@@ -61,7 +61,7 @@ DDEESSCCRRIIPPTTIIOONN
1.8.0b1 July 2, 2010 1 1.8.0b1 July 14, 2010 1
@@ -127,7 +127,7 @@ SSUUDDOOEERRSS FFIILLEE FFOORRMMAATT
1.8.0b1 July 2, 2010 2 1.8.0b1 July 14, 2010 2
@@ -193,7 +193,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 2, 2010 3 1.8.0b1 July 14, 2010 3
@@ -259,7 +259,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 2, 2010 4 1.8.0b1 July 14, 2010 4
@@ -325,7 +325,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 2, 2010 5 1.8.0b1 July 14, 2010 5
@@ -391,7 +391,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 2, 2010 6 1.8.0b1 July 14, 2010 6
@@ -457,7 +457,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 2, 2010 7 1.8.0b1 July 14, 2010 7
@@ -523,7 +523,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 2, 2010 8 1.8.0b1 July 14, 2010 8
@@ -589,7 +589,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 2, 2010 9 1.8.0b1 July 14, 2010 9
@@ -655,7 +655,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 2, 2010 10 1.8.0b1 July 14, 2010 10
@@ -721,7 +721,7 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS
1.8.0b1 July 2, 2010 11 1.8.0b1 July 14, 2010 11
@@ -787,7 +787,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 2, 2010 12 1.8.0b1 July 14, 2010 12
@@ -853,7 +853,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 2, 2010 13 1.8.0b1 July 14, 2010 13
@@ -919,7 +919,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 2, 2010 14 1.8.0b1 July 14, 2010 14
@@ -985,7 +985,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 2, 2010 15 1.8.0b1 July 14, 2010 15
@@ -1051,7 +1051,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 2, 2010 16 1.8.0b1 July 14, 2010 16
@@ -1117,7 +1117,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 2, 2010 17 1.8.0b1 July 14, 2010 17
@@ -1154,8 +1154,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
used with vviissuuddoo. vviissuuddoo will choose the editor that used with vviissuuddoo. vviissuuddoo will choose the editor that
matches the user's EDITOR environment variable if matches the user's EDITOR environment variable if
possible, or the first editor in the list that exists possible, or the first editor in the list that exists
and is executable. The default is the path to vi on and is executable. The default is "vi".
your system.
mailsub Subject of the mail sent to the _m_a_i_l_t_o user. The escape mailsub Subject of the mail sent to the _m_a_i_l_t_o user. The escape
%h will expand to the host name of the machine. %h will expand to the host name of the machine.
@@ -1180,10 +1179,11 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
%h expanded to the local host name without the domain %h expanded to the local host name without the domain
name name
%p expanded to the user whose password is being asked
1.8.0b1 July 2, 2010 18 1.8.0b1 July 14, 2010 18
@@ -1192,7 +1192,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
%p expanded to the user whose password is being asked
for (respects the _r_o_o_t_p_w, _t_a_r_g_e_t_p_w and _r_u_n_a_s_p_w for (respects the _r_o_o_t_p_w, _t_a_r_g_e_t_p_w and _r_u_n_a_s_p_w
flags in _s_u_d_o_e_r_s) flags in _s_u_d_o_e_r_s)
@@ -1246,10 +1245,11 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
terminal is available. This may be the case when ssuuddoo is terminal is available. This may be the case when ssuuddoo is
executed from a graphical (as opposed to text-based) executed from a graphical (as opposed to text-based)
application. The program specified by _a_s_k_p_a_s_s should application. The program specified by _a_s_k_p_a_s_s should
display the argument passed to it as the prompt and write
1.8.0b1 July 2, 2010 19 1.8.0b1 July 14, 2010 19
@@ -1258,7 +1258,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
display the argument passed to it as the prompt and write
the user's password to the standard output. The value of the user's password to the standard output. The value of
_a_s_k_p_a_s_s may be overridden by the SUDO_ASKPASS environment _a_s_k_p_a_s_s may be overridden by the SUDO_ASKPASS environment
variable. variable.
@@ -1312,10 +1311,11 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
will be used in place of the standard lecture if the named will be used in place of the standard lecture if the named
file exists. By default, ssuuddoo uses a built-in lecture. file exists. By default, ssuuddoo uses a built-in lecture.
listpw This option controls when a password will be required when
1.8.0b1 July 2, 2010 20 1.8.0b1 July 14, 2010 20
@@ -1324,7 +1324,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
listpw This option controls when a password will be required when
a user runs ssuuddoo with the --ll option. It has the following a user runs ssuuddoo with the --ll option. It has the following
possible values: possible values:
@@ -1381,7 +1380,8 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 2, 2010 21
1.8.0b1 July 14, 2010 21
@@ -1447,7 +1447,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.8.0b1 July 2, 2010 22 1.8.0b1 July 14, 2010 22
@@ -1484,7 +1484,13 @@ FFIILLEESS
EEXXAAMMPPLLEESS EEXXAAMMPPLLEESS
Below are example _s_u_d_o_e_r_s entries. Admittedly, some of these are a bit Below are example _s_u_d_o_e_r_s entries. Admittedly, some of these are a bit
contrived. First, we define our _a_l_i_a_s_e_s: contrived. First, we allow a few environment variables to pass and
then define our _a_l_i_a_s_e_s:
# Run X applications through sudo; HOME is used to find .Xauthority file
# Note that some programs may use HOME for other purposes too and
# this may lead to privilege escalation!
Defaults env_keep = "DISPLAY HOME"
# User alias specification # User alias specification
User_Alias FULLTIMERS = millert, mikef, dowdy User_Alias FULLTIMERS = millert, mikef, dowdy
@@ -1504,16 +1510,10 @@ EEXXAAMMPPLLEESS
Host_Alias CUNETS = 128.138.0.0/255.255.0.0 Host_Alias CUNETS = 128.138.0.0/255.255.0.0
Host_Alias CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0 Host_Alias CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0
Host_Alias SERVERS = master, mail, www, ns Host_Alias SERVERS = master, mail, www, ns
Host_Alias CDROM = orion, perseus, hercules
# Cmnd alias specification
Cmnd_Alias DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\
/usr/sbin/restore, /usr/sbin/rrestore
Cmnd_Alias KILL = /usr/bin/kill
1.8.0b1 July 2, 2010 23 1.8.0b1 July 14, 2010 23
@@ -1522,6 +1522,12 @@ EEXXAAMMPPLLEESS
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
Host_Alias CDROM = orion, perseus, hercules
# Cmnd alias specification
Cmnd_Alias DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\
/usr/sbin/restore, /usr/sbin/rrestore
Cmnd_Alias KILL = /usr/bin/kill
Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown
Cmnd_Alias HALT = /usr/sbin/halt Cmnd_Alias HALT = /usr/sbin/halt
@@ -1571,15 +1577,9 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
any host but they must authenticate themselves first (since the entry any host but they must authenticate themselves first (since the entry
lacks the NOPASSWD tag). lacks the NOPASSWD tag).
jack CSNETS = ALL
The user jjaacckk may run any command on the machines in the _C_S_N_E_T_S alias
(the networks 128.138.243.0, 128.138.204.0, and 128.138.242.0). Of
those networks, only 128.138.204.0 has an explicit netmask (in CIDR
1.8.0b1 July 14, 2010 24
1.8.0b1 July 2, 2010 24
@@ -1588,6 +1588,11 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
jack CSNETS = ALL
The user jjaacckk may run any command on the machines in the _C_S_N_E_T_S alias
(the networks 128.138.243.0, 128.138.204.0, and 128.138.242.0). Of
those networks, only 128.138.204.0 has an explicit netmask (in CIDR
notation) indicating it is a class C network. For the other networks notation) indicating it is a class C network. For the other networks
in _C_S_N_E_T_S, the local machine's netmask will be used during matching. in _C_S_N_E_T_S, the local machine's netmask will be used during matching.
@@ -1637,15 +1642,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
fred ALL = (DB) NOPASSWD: ALL fred ALL = (DB) NOPASSWD: ALL
The user ffrreedd can run commands as any user in the _D_B Runas_Alias
(oorraaccllee or ssyybbaassee) without giving a password.
john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root*
1.8.0b1 July 14, 2010 25
1.8.0b1 July 2, 2010 25
@@ -1654,6 +1654,11 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
The user ffrreedd can run commands as any user in the _D_B Runas_Alias
(oorraaccllee or ssyybbaassee) without giving a password.
john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root*
On the _A_L_P_H_A machines, user jjoohhnn may su to anyone except root but he is On the _A_L_P_H_A machines, user jjoohhnn may su to anyone except root but he is
not allowed to specify any options to the _s_u(1) command. not allowed to specify any options to the _s_u(1) command.
@@ -1703,15 +1708,10 @@ SSEECCUURRIITTYY NNOOTTEESS
Doesn't really prevent bbiillll from running the commands listed in _S_U or Doesn't really prevent bbiillll from running the commands listed in _S_U or
_S_H_E_L_L_S since he can simply copy those commands to a different name, or _S_H_E_L_L_S since he can simply copy those commands to a different name, or
use a shell escape from an editor or other program. Therefore, these use a shell escape from an editor or other program. Therefore, these
kind of restrictions should be considered advisory at best (and
reinforced by policy).
Furthermore, if the _f_a_s_t___g_l_o_b option is in use, it is not possible to
reliably negate commands where the path name includes globbing (aka
1.8.0b1 July 2, 2010 26 1.8.0b1 July 14, 2010 26
@@ -1720,6 +1720,11 @@ SSEECCUURRIITTYY NNOOTTEESS
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
kind of restrictions should be considered advisory at best (and
reinforced by policy).
Furthermore, if the _f_a_s_t___g_l_o_b option is in use, it is not possible to
reliably negate commands where the path name includes globbing (aka
wildcard) characters. This is because the C library's _f_n_m_a_t_c_h(3) wildcard) characters. This is because the C library's _f_n_m_a_t_c_h(3)
function cannot resolve relative paths. While this is typically only function cannot resolve relative paths. While this is typically only
an inconvenience for rules that grant privileges, it can result in a an inconvenience for rules that grant privileges, it can result in a
@@ -1769,15 +1774,10 @@ PPRREEVVEENNTTIINNGG SSHHEELLLL EESSCCAAPPEESS
File containing dummy exec functions: File containing dummy exec functions:
then ssuuddoo may be able to replace the exec family of functions
in the standard library with its own that simply return an
error. Unfortunately, there is no foolproof way to know
whether or not _n_o_e_x_e_c will work at compile-time. _n_o_e_x_e_c
should work on SunOS, Solaris, *BSD, Linux, IRIX, Tru64 UNIX,
1.8.0b1 July 2, 2010 27 1.8.0b1 July 14, 2010 27
@@ -1786,6 +1786,11 @@ PPRREEVVEENNTTIINNGG SSHHEELLLL EESSCCAAPPEESS
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
then ssuuddoo may be able to replace the exec family of functions
in the standard library with its own that simply return an
error. Unfortunately, there is no foolproof way to know
whether or not _n_o_e_x_e_c will work at compile-time. _n_o_e_x_e_c
should work on SunOS, Solaris, *BSD, Linux, IRIX, Tru64 UNIX,
MacOS X, and HP-UX 11.x. It is known nnoott to work on AIX and MacOS X, and HP-UX 11.x. It is known nnoott to work on AIX and
UnixWare. _n_o_e_x_e_c is expected to work on most operating UnixWare. _n_o_e_x_e_c is expected to work on most operating
systems that support the LD_PRELOAD environment variable. systems that support the LD_PRELOAD environment variable.
@@ -1835,15 +1840,10 @@ SSEECCUURRIITTYY NNOOTTEESS
On systems where the boot time is available, _s_u_d_o_e_r_s will ignore time On systems where the boot time is available, _s_u_d_o_e_r_s will ignore time
stamps that date from before the machine booted. stamps that date from before the machine booted.
Since time stamp files live in the file system, they can outlive a
user's login session. As a result, a user may be able to login, run a
command with ssuuddoo after authenticating, logout, login again, and run
ssuuddoo without authenticating so long as the time stamp file's
modification time is within 5 minutes (or whatever the timeout is set
1.8.0b1 July 2, 2010 28 1.8.0b1 July 14, 2010 28
@@ -1852,6 +1852,11 @@ SSEECCUURRIITTYY NNOOTTEESS
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
Since time stamp files live in the file system, they can outlive a
user's login session. As a result, a user may be able to login, run a
command with ssuuddoo after authenticating, logout, login again, and run
ssuuddoo without authenticating so long as the time stamp file's
modification time is within 5 minutes (or whatever the timeout is set
to in _s_u_d_o_e_r_s). When the _t_t_y___t_i_c_k_e_t_s option is enabled, the time stamp to in _s_u_d_o_e_r_s). When the _t_t_y___t_i_c_k_e_t_s option is enabled, the time stamp
has per-tty granularity but still may outlive the user's session. On has per-tty granularity but still may outlive the user's session. On
Linux systems where the devpts filesystem is used, Solaris systems with Linux systems where the devpts filesystem is used, Solaris systems with
@@ -1904,11 +1909,6 @@ DDIISSCCLLAAIIMMEERR
1.8.0b1 July 14, 2010 29
1.8.0b1 July 2, 2010 29

13
doc/sudoers.man.in
View File

@@ -148,7 +148,7 @@
.\" ======================================================================== .\" ========================================================================
.\" .\"
.IX Title "SUDOERS @mansectform@" .IX Title "SUDOERS @mansectform@"
.TH SUDOERS @mansectform@ "July 2, 2010" "1.8.0b1" "MAINTENANCE COMMANDS" .TH SUDOERS @mansectform@ "July 14, 2010" "1.8.0b1" "MAINTENANCE COMMANDS"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents. .\" way too many mistakes in technical documents.
.if n .ad l .if n .ad l
@@ -1188,8 +1188,7 @@ The default is \f(CW\*(C`@badpass_message@\*(C'\fR unless insults are enabled.
A colon (':') separated list of editors allowed to be used with A colon (':') separated list of editors allowed to be used with
\&\fBvisudo\fR. \fBvisudo\fR will choose the editor that matches the user's \&\fBvisudo\fR. \fBvisudo\fR will choose the editor that matches the user's
\&\s-1EDITOR\s0 environment variable if possible, or the first editor in the \&\s-1EDITOR\s0 environment variable if possible, or the first editor in the
list that exists and is executable. The default is the path to vi list that exists and is executable. The default is \f(CW"@editor@"\fR.
on your system.
.IP "mailsub" 16 .IP "mailsub" 16
.IX Item "mailsub" .IX Item "mailsub"
Subject of the mail sent to the \fImailto\fR user. The escape \f(CW%h\fR Subject of the mail sent to the \fImailto\fR user. The escape \f(CW%h\fR
@@ -1512,9 +1511,15 @@ Initial environment for \fB\-i\fR mode on Linux and \s-1AIX\s0
.SH "EXAMPLES" .SH "EXAMPLES"
.IX Header "EXAMPLES" .IX Header "EXAMPLES"
Below are example \fIsudoers\fR entries. Admittedly, some of Below are example \fIsudoers\fR entries. Admittedly, some of
these are a bit contrived. First, we define our \fIaliases\fR: these are a bit contrived. First, we allow a few environment
variables to pass and then define our \fIaliases\fR:
.PP .PP
.Vb 4 .Vb 4
\& # Run X applications through sudo; HOME is used to find .Xauthority file
\& # Note that some programs may use HOME for other purposes too and
\& # this may lead to privilege escalation!
\& Defaults env_keep = "DISPLAY HOME"
\&
\& # User alias specification \& # User alias specification
\& User_Alias FULLTIMERS = millert, mikef, dowdy \& User_Alias FULLTIMERS = millert, mikef, dowdy
\& User_Alias PARTTIMERS = bostley, jwfox, crawl \& User_Alias PARTTIMERS = bostley, jwfox, crawl

11
doc/sudoers.pod
View File

@@ -1107,8 +1107,7 @@ The default is C<@badpass_message@> unless insults are enabled.
A colon (':') separated list of editors allowed to be used with A colon (':') separated list of editors allowed to be used with
B<visudo>. B<visudo> will choose the editor that matches the user's B<visudo>. B<visudo> will choose the editor that matches the user's
EDITOR environment variable if possible, or the first editor in the EDITOR environment variable if possible, or the first editor in the
list that exists and is executable. The default is the path to vi list that exists and is executable. The default is C<"@editor@">.
on your system.
=item mailsub =item mailsub
@@ -1483,7 +1482,13 @@ Initial environment for B<-i> mode on Linux and AIX
=head1 EXAMPLES =head1 EXAMPLES
Below are example I<sudoers> entries. Admittedly, some of Below are example I<sudoers> entries. Admittedly, some of
these are a bit contrived. First, we define our I<aliases>: these are a bit contrived. First, we allow a few environment
variables to pass and then define our I<aliases>:
# Run X applications through sudo; HOME is used to find .Xauthority file
# Note that some programs may use HOME for other purposes too and
# this may lead to privilege escalation!
Defaults env_keep = "DISPLAY HOME"
# User alias specification # User alias specification
User_Alias FULLTIMERS = millert, mikef, dowdy User_Alias FULLTIMERS = millert, mikef, dowdy

34
doc/visudo.cat
View File

@@ -17,17 +17,16 @@ DDEESSCCRRIIPPTTIIOONN
_s_u_d_o_e_r_s file is currently being edited you will receive a message to _s_u_d_o_e_r_s file is currently being edited you will receive a message to
try again later. try again later.
There is a hard-coded list of editors that vviissuuddoo will use set at There is a hard-coded list of one or more editors that vviissuuddoo will use
compile-time that may be overridden via the _e_d_i_t_o_r _s_u_d_o_e_r_s Default set at compile-time that may be overridden via the _e_d_i_t_o_r _s_u_d_o_e_r_s
variable. This list defaults to the path to _v_i(1) on your system, as Default variable. This list defaults to "vi". Normally, vviissuuddoo does
determined by the _c_o_n_f_i_g_u_r_e script. Normally, vviissuuddoo does not honor not honor the VISUAL or EDITOR environment variables unless they
the VISUAL or EDITOR environment variables unless they contain an contain an editor in the aforementioned editors list. However, if
editor in the aforementioned editors list. However, if vviissuuddoo is vviissuuddoo is configured with the _-_-_w_i_t_h_-_e_n_v_-_e_d_i_t_o_r option or the
configured with the _-_-_w_i_t_h_-_e_n_v_e_d_i_t_o_r option or the _e_n_v___e_d_i_t_o_r Default _e_n_v___e_d_i_t_o_r Default variable is set in _s_u_d_o_e_r_s, vviissuuddoo will use any the
variable is set in _s_u_d_o_e_r_s, vviissuuddoo will use any the editor defines by editor defines by VISUAL or EDITOR. Note that this can be a security
VISUAL or EDITOR. Note that this can be a security hole since it hole since it allows the user to execute any program they wish simply
allows the user to execute any program they wish simply by setting by setting VISUAL or EDITOR.
VISUAL or EDITOR.
vviissuuddoo parses the _s_u_d_o_e_r_s file after the edit and will not save the vviissuuddoo parses the _s_u_d_o_e_r_s file after the edit and will not save the
changes if there is a syntax error. Upon finding an error, vviissuuddoo will changes if there is a syntax error. Upon finding an error, vviissuuddoo will
@@ -58,10 +57,11 @@ OOPPTTIIOONNSS
appended to it. appended to it.
-q Enable qquuiieett mode. In this mode details about syntax -q Enable qquuiieett mode. In this mode details about syntax
errors are not printed. This option is only useful when
1.8.0b1 June 11, 2010 1 1.8.0b1 July 14, 2010 1
@@ -70,7 +70,6 @@ OOPPTTIIOONNSS
VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m) VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m)
errors are not printed. This option is only useful when
combined with the --cc option. combined with the --cc option.
-s Enable ssttrriicctt checking of the _s_u_d_o_e_r_s file. If an alias is -s Enable ssttrriicctt checking of the _s_u_d_o_e_r_s file. If an alias is
@@ -124,10 +123,11 @@ SSEEEE AALLSSOO
AAUUTTHHOORR AAUUTTHHOORR
Many people have worked on _s_u_d_o over the years; this version of vviissuuddoo Many people have worked on _s_u_d_o over the years; this version of vviissuuddoo
was written by:
1.8.0b1 June 11, 2010 2 1.8.0b1 July 14, 2010 2
@@ -136,8 +136,6 @@ AAUUTTHHOORR
VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m) VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m)
was written by:
Todd Miller Todd Miller
See the HISTORY file in the sudo distribution or visit See the HISTORY file in the sudo distribution or visit
@@ -193,6 +191,8 @@ DDIISSCCLLAAIIMMEERR
1.8.0b1 June 11, 2010 3
1.8.0b1 July 14, 2010 3

11
doc/visudo.man.in
View File

@@ -144,7 +144,7 @@
.\" ======================================================================== .\" ========================================================================
.\" .\"
.IX Title "VISUDO @mansectsu@" .IX Title "VISUDO @mansectsu@"
.TH VISUDO @mansectsu@ "June 11, 2010" "1.8.0b1" "MAINTENANCE COMMANDS" .TH VISUDO @mansectsu@ "July 14, 2010" "1.8.0b1" "MAINTENANCE COMMANDS"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents. .\" way too many mistakes in technical documents.
.if n .ad l .if n .ad l
@@ -162,13 +162,12 @@ simultaneous edits, provides basic sanity checks, and checks
for parse errors. If the \fIsudoers\fR file is currently being for parse errors. If the \fIsudoers\fR file is currently being
edited you will receive a message to try again later. edited you will receive a message to try again later.
.PP .PP
There is a hard-coded list of editors that \fBvisudo\fR will use set There is a hard-coded list of one or more editors that \fBvisudo\fR will
at compile-time that may be overridden via the \fIeditor\fR \fIsudoers\fR use set at compile-time that may be overridden via the \fIeditor\fR \fIsudoers\fR
\&\f(CW\*(C`Default\*(C'\fR variable. This list defaults to the path to \fIvi\fR\|(1) on \&\f(CW\*(C`Default\*(C'\fR variable. This list defaults to \f(CW"@editor@"\fR. Normally,
your system, as determined by the \fIconfigure\fR script. Normally,
\&\fBvisudo\fR does not honor the \f(CW\*(C`VISUAL\*(C'\fR or \f(CW\*(C`EDITOR\*(C'\fR environment \&\fBvisudo\fR does not honor the \f(CW\*(C`VISUAL\*(C'\fR or \f(CW\*(C`EDITOR\*(C'\fR environment
variables unless they contain an editor in the aforementioned editors variables unless they contain an editor in the aforementioned editors
list. However, if \fBvisudo\fR is configured with the \fI\-\-with\-enveditor\fR list. However, if \fBvisudo\fR is configured with the \fI\-\-with\-env\-editor\fR
option or the \fIenv_editor\fR \f(CW\*(C`Default\*(C'\fR variable is set in \fIsudoers\fR, option or the \fIenv_editor\fR \f(CW\*(C`Default\*(C'\fR variable is set in \fIsudoers\fR,
\&\fBvisudo\fR will use any the editor defines by \f(CW\*(C`VISUAL\*(C'\fR or \f(CW\*(C`EDITOR\*(C'\fR. \&\fBvisudo\fR will use any the editor defines by \f(CW\*(C`VISUAL\*(C'\fR or \f(CW\*(C`EDITOR\*(C'\fR.
Note that this can be a security hole since it allows the user to Note that this can be a security hole since it allows the user to

9
doc/visudo.pod
View File

@@ -36,13 +36,12 @@ simultaneous edits, provides basic sanity checks, and checks
for parse errors. If the I<sudoers> file is currently being for parse errors. If the I<sudoers> file is currently being
edited you will receive a message to try again later. edited you will receive a message to try again later.
There is a hard-coded list of editors that B<visudo> will use set There is a hard-coded list of one or more editors that B<visudo> will
at compile-time that may be overridden via the I<editor> I<sudoers> use set at compile-time that may be overridden via the I<editor> I<sudoers>
C<Default> variable. This list defaults to the path to L<vi(1)> on C<Default> variable. This list defaults to C<"@editor@">. Normally,
your system, as determined by the I<configure> script. Normally,
B<visudo> does not honor the C<VISUAL> or C<EDITOR> environment B<visudo> does not honor the C<VISUAL> or C<EDITOR> environment
variables unless they contain an editor in the aforementioned editors variables unless they contain an editor in the aforementioned editors
list. However, if B<visudo> is configured with the I<--with-enveditor> list. However, if B<visudo> is configured with the I<--with-env-editor>
option or the I<env_editor> C<Default> variable is set in I<sudoers>, option or the I<env_editor> C<Default> variable is set in I<sudoers>,
B<visudo> will use any the editor defines by C<VISUAL> or C<EDITOR>. B<visudo> will use any the editor defines by C<VISUAL> or C<EDITOR>.
Note that this can be a security hole since it allows the user to Note that this can be a security hole since it allows the user to