157841 – sudo config allows arbitrary execution for editors

Bug 157841 - sudo config allows arbitrary execution for editors

Summary: sudo config allows arbitrary execution for editors

Status:	RESOLVED INVALID

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Default Configs (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2006-12-11 09:24 UTC by Luke-Jr
Modified:	2006-12-27 01:12 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Luke-Jr 2006-12-11 09:24:29 UTC

Potential security hole in Gentoo's default sudo config-- if I allow any EDITOR variable, someone could use EDITOR=/path/to/badcode with sudoedit

Comment 1 Tavis Ormandy (RETIRED) gentoo-dev

2006-12-11 09:34:11 UTC

sudoedit is only mentioned in the comments in the default sudoers file, and is designed to invoke the editor with the privileges of the user, only the files are moved around as root.

I think this bug is invalid, could you try EDITOR=vim and then !whoami or something.

Comment 2 Luke-Jr 2006-12-11 09:44:15 UTC

Yep, I overlooked that part of sudoedit's operation.