FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > ArchLinux > ArchLinux General Discussion

 
 
LinkBack Thread Tools
 
Old 12-30-2011, 08:02 PM
Don Juan
 
Default Question about visudo and info in the Wiki

Being new to Arch and finally getting a working system minus the ability
to always be able to cleanly reboot and shutdown every time. I started
reading about securing my install and ran across the Security wiki on
archlinux.org and it states that you can not use the EDITOR envvar.


But in reality you can use this and it allows you the ability to run
nano like it says visudo does not allow you to do. Is it just a bug in
the current release of visudo, am I not understanding the information in
the Wiki properly or? Wouldn't this open up a way larger issue?


Quote: "By default, visudo doesn’t follow EDITOR envvar. Also it’s
regarded as severe security risk since everything can be used as EDITOR
(hello, rootkits!). The best practice is to add the following line to
//etc/sudoers/ (remember to put full path to your favourite editor): "


I have not added anything to my file other than allowing the wheel group
sudo rights. Not trying to start any conspiracy here or anything just
curious, could it be a fubared install on my end? I can do it from the
root user and by issuing sudo EDITOR=nano visudo.


Thank you



My Source:
https://wiki.archlinux.org/index.php/Security
 
Old 12-30-2011, 08:09 PM
Karol Blazewicz
 
Default Question about visudo and info in the Wiki

On Fri, Dec 30, 2011 at 10:02 PM, Don Juan <donjuansjiz@gmail.com> wrote:
> I have not added anything to my file other than allowing the wheel group
> sudo rights. Not trying to start any conspiracy here or anything just
> curious, could it be a fubared install on my end? I can do it from the root
> user and by issuing sudo EDITOR=nano visudo.

Arch builds sudo with '--with-env-editor' so you can use the EDITOR
var like you did, it's not a bug.
http://projects.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=packages/sudo
 
Old 12-30-2011, 08:13 PM
Don Juan
 
Default Question about visudo and info in the Wiki

On 12/30/2011 01:09 PM, Karol Blazewicz wrote:

On Fri, Dec 30, 2011 at 10:02 PM, Don Juan<donjuansjiz@gmail.com> wrote:

I have not added anything to my file other than allowing the wheel group
sudo rights. Not trying to start any conspiracy here or anything just
curious, could it be a fubared install on my end? I can do it from the root
user and by issuing sudo EDITOR=nano visudo.

Arch builds sudo with '--with-env-editor' so you can use the EDITOR
var like you did, it's not a bug.
http://projects.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=packages/sudo
but even as root user I can do it, so wouldn't it not do it under root
since sudo is not involved? Thank you for the link though, still trying
to learn my way around.
 
Old 12-30-2011, 08:18 PM
Karol Blazewicz
 
Default Question about visudo and info in the Wiki

On Fri, Dec 30, 2011 at 10:13 PM, Don Juan <donjuansjiz@gmail.com> wrote:
> but even as root user I can do it, so wouldn't it not do it under root since
> sudo is not involved?

Not sure what you mean here.

Have you tried restricting the use of EDITOR w/o recompiling sudo:
https://wiki.archlinux.org/index.php/Sudo#Using_visudo

# Defaults specification
# Reset environment by default
Defaults env_reset
# Set default EDITOR to vim, and do not allow visudo to use EDITOR/VISUAL.
Defaults editor=/usr/bin/vim, !env_editor
 
Old 12-30-2011, 08:23 PM
Don Juan
 
Default Question about visudo and info in the Wiki

On 12/30/2011 01:18 PM, Karol Blazewicz wrote:

On Fri, Dec 30, 2011 at 10:13 PM, Don Juan<donjuansjiz@gmail.com> wrote:

but even as root user I can do it, so wouldn't it not do it under root since
sudo is not involved?

Not sure what you mean here.

Have you tried restricting the use of EDITOR w/o recompiling sudo:
https://wiki.archlinux.org/index.php/Sudo#Using_visudo

# Defaults specification
# Reset environment by default
Defaults env_reset
# Set default EDITOR to vim, and do not allow visudo to use EDITOR/VISUAL.
Defaults editor=/usr/bin/vim, !env_editor
I just meant if I log in as root I can run the envvar. Its not issue to
me I am just the type to try what things say its not able to do. So I
first tried as a normal user, hence the need for sudo, I understand why
sudo and running the command works (thanks to your link). But if you are
USER root you don't need to run sudo, so hence wouldn't running
EDITOR=nano visudo not work if you are a root user, since sudo is not
involved?
 

Thread Tools




All times are GMT. The time now is 10:53 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org