Talk about how the editor must write its changes to the original file and
not just use rename(2).
This commit is contained in:
Todd C. Miller
12
sudo.pod
12
sudo.pod
@@ -194,6 +194,11 @@ B<sudo> is unable to update a file with its edited version, the
|
|||||||
user will receive a warning and the edited copy will remain in a
|
user will receive a warning and the edited copy will remain in a
|
||||||
temporary file.
|
temporary file.
|
||||||
|
|
||||||
|
Please note that the editor used must make its changes to the
|
||||||
|
original file (really the original inode). If the editor makes
|
||||||
|
changes to a temporary file and then just renames this to the
|
||||||
|
original file name it will not work with B<sudoedit>.
|
||||||
|
|
||||||
=item -h
|
=item -h
|
||||||
|
|
||||||
The B<-h> (I<help>) option causes B<sudo> to print a usage message and exit.
|
The B<-h> (I<help>) option causes B<sudo> to print a usage message and exit.
|
||||||
@@ -478,10 +483,9 @@ If users have sudo C<ALL> there is nothing to prevent them from
|
|||||||
creating their own program that gives them a root shell regardless
|
creating their own program that gives them a root shell regardless
|
||||||
of any '!' elements in the user specification.
|
of any '!' elements in the user specification.
|
||||||
|
|
||||||
Running shell scripts via B<sudo> can expose the same kernel bugs
|
Running shell scripts via B<sudo> can expose the same kernel bugs that
|
||||||
that make setuid shell scripts unsafe on some operating systems
|
make setuid shell scripts unsafe on some operating systems (if your OS
|
||||||
(if your OS supports the /dev/fd/ directory, setuid shell scripts
|
has a /dev/fd/ directory, setuid shell scripts are generally safe).
|
||||||
are generally safe).
|
|
||||||
|
|
||||||
=head1 SEE ALSO
|
=head1 SEE ALSO
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user