Hello list, We know it's safer* to use sudoedit, but what bad things can happen if we have the following in sudoers?
Cmnd_Alias FOO = /bin/ed, /usr/bin/ed, /usr/bin/vi foouser LOCALHOST = NOPASSWD: NOEXEC: FOO Can the "foouser" escape to root prompt? - of course besides that he could now edit the /etc/shadow file to put a custom pwd hash to the root user to become root in about 3 seconds.. Maybe some magic in .vimrc? *=sudo vi would run as root. but sudoedit would run as the given user, the edited file will be copied before/after editing it. Thanks.