On Fri, Jan 05, 2018 at 09:37:16PM +0100, Ulf Volmer wrote:
>
> That basically keeps the *whole* environment, what is usually a security
> issue. Better solution is to keep only needed and proved environment
> variables using
>
> Defaults env_keep += "EDITOR"
>

Allowing the EDITOR variable through is a gigantic security issue. Its value gets passed as a command to the shell:

roberto@debian:~$ sudo EDITOR='echo "I have the power!"' vipw
I have the power! /etc/passwd.edit
vipw: /etc/passwd is unchanged

There is essentially no functional difference between allowing only the EDITOR variable and any arbitrary environment variable. Allowing EDITOR (or PAGER, or any other thing that sets the name of a command to execute) through to sudo provides an effective route to bypass any sudo restrictions.

Regards,

-Roberto

-- 
Roberto C. Sánchez
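Added example, not part of the original message or of sudo itself: a small audit that scans sudoers text for Defaults entries that let a command-naming variable such as EDITOR or PAGER through, or that keep the whole environment. The variable list beyond EDITOR and PAGER, the function name and the sample sudoers text are assumptions made for this example; line continuations and per-rule SETENV tags are not handled.

```python
import fnmatch
import re

# Variables whose value names a program to run. EDITOR and PAGER come from the
# message above; the others are an assumption of this example.
COMMAND_VARS = ("EDITOR", "VISUAL", "PAGER", "MANPAGER", "SUDO_EDITOR")

KEEP_RE = re.compile(r'\benv_keep\s*(\+=|-=|=)\s*(?:"([^"]*)"|([^\s,]+))')
FLAG_RE = re.compile(r'(!?)\b(env_reset|setenv)\b')

def audit_sudoers(text):
    """Return (line_number, finding) pairs for risky Defaults entries."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line.startswith("Defaults"):
            continue  # comments, rules and aliases are out of scope here
        for op, quoted, bare in KEEP_RE.findall(line):
            if op == "-=":
                continue  # removing a name from the keep list is not a risk
            for pattern in (quoted or bare).split():
                # env_keep entries may contain '*' wildcards
                hits = [v for v in COMMAND_VARS if fnmatch.fnmatchcase(v, pattern)]
                if hits:
                    findings.append(
                        (lineno, "env_keep %r passes %s" % (pattern, ", ".join(hits))))
        for bang, flag in FLAG_RE.findall(line):
            if flag == "env_reset" and bang:
                findings.append((lineno, "!env_reset keeps the whole environment"))
            elif flag == "setenv" and not bang:
                findings.append((lineno, "setenv lets users set any variable"))
    return findings

# Constructed sample input, not taken from a real system.
SAMPLE = '''\
Defaults env_reset
Defaults env_keep += "EDITOR"
Defaults env_keep += "LANG LC_* *PAGER"
Defaults env_keep -= "VISUAL"
Defaults:alice !env_reset
# Defaults setenv
'''

if __name__ == "__main__":
    for lineno, msg in audit_sudoers(SAMPLE):
        print("line %d: %s" % (lineno, msg))
```

On the sample it reports lines 2, 3 and 5; the wildcard entry on line 3 is flagged because it matches both PAGER and MANPAGER.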

