From cd5829581aa81315e236fc586de7967f20bfc184 Mon Sep 17 00:00:00 2001 From: Bdale Garbee Date: Wed, 16 Apr 2008 00:38:56 -0600 Subject: [PATCH] Imported Debian patch 1.6.9p15-2 --- debian/OPTIONS | 4 ++-- debian/changelog | 11 +++++++++++ debian/rules | 2 +- visudo.man.in | 10 +++++++--- 4 files changed, 21 insertions(+), 6 deletions(-) diff --git a/debian/OPTIONS b/debian/OPTIONS index d40a2e7..35710ba 100644 --- a/debian/OPTIONS +++ b/debian/OPTIONS @@ -26,10 +26,10 @@ The following options were used to configure sudo for Debian GNU/Linux. Where logging information goes. --with-env-editor - --with-editor=/usr/bin/vi + --with-editor=/usr/bin/editor Honor the EDITOR and VISUAL environment variables. If they are not - present, default to the preferred vi alternative currently installed. + present, default to the preferred systemwide default editor. --with-timeout=15 --with-password-timeout=0 diff --git a/debian/changelog b/debian/changelog index ec13095..87584cf 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,14 @@ +sudo (1.6.9p15-2) unstable; urgency=low + + * revert the fix for 388659 such that visudo once again defaults to using + /usr/bin/editor. I was always ambivalent about this change, it has caused + more confusion and frustration than it cured, and I find Justin's line of + reasoning persuasive. Update the man page source to reflect this choice + and the related use of --with-env-editor. Closes: #474197. + * patch from Petter Reinholdtsen to improve init.d, closes: #475821 + + -- Bdale Garbee Wed, 16 Apr 2008 00:38:56 -0600 + sudo (1.6.9p15-1) unstable; urgency=low * new upstream version, closes: #467126, #473337 diff --git a/debian/rules b/debian/rules index b57dae5..365c062 100755 --- a/debian/rules +++ b/debian/rules @@ -19,7 +19,7 @@ config-stamp: --with-all-insults \ --with-devel --with-pam --with-fqdn \ --with-logging=syslog --with-logfac=authpriv \ - --with-env-editor --with-editor=/usr/bin/vi \ + --with-env-editor --with-editor=/usr/bin/editor \ --with-timeout=15 --with-password-timeout=0 \ --with-passprompt="[sudo] password for %p: " \ --disable-root-mailer --disable-setresuid \ diff --git a/visudo.man.in b/visudo.man.in index 369caf6..0687771 100644 --- a/visudo.man.in +++ b/visudo.man.in @@ -165,15 +165,19 @@ edited you will receive a message to try again later. .PP There is a hard-coded list of editors that \fBvisudo\fR will use set at compile-time that may be overridden via the \fIeditor\fR \fIsudoers\fR -\&\f(CW\*(C`Default\*(C'\fR variable. This list defaults to the path to \fIvi\fR\|(1) on -your system, as determined by the \fIconfigure\fR script. Normally, -\&\fBvisudo\fR does not honor the \f(CW\*(C`VISUAL\*(C'\fR or \f(CW\*(C`EDITOR\*(C'\fR environment +\&\f(CW\*(C`Default\*(C'\fR variable. +On Debian systems, this list defaults to /usr/bin/editor, which is meant to +be a system-wide default editor chosen through the alternatives system. +Normally, \&\fBvisudo\fR does not honor the \f(CW\*(C`VISUAL\*(C'\fR or +\f(CW\*(C`EDITOR\*(C'\fR environment variables unless they contain an editor in the aforementioned editors list. However, if \fBvisudo\fR is configured with the \fI\-\-with\-enveditor\fR flag or the \fIenv_editor\fR \f(CW\*(C`Default\*(C'\fR variable is set in \fIsudoers\fR, \&\fBvisudo\fR will use any the editor defines by \f(CW\*(C`VISUAL\*(C'\fR or \f(CW\*(C`EDITOR\*(C'\fR. Note that this can be a security hole since it allows the user to execute any program they wish simply by setting \f(CW\*(C`VISUAL\*(C'\fR or \f(CW\*(C`EDITOR\*(C'\fR. +Despite this potential risk, sudo on Debian is compiled with the +\fI\-\-with\-enveditor\fR flag. .PP \&\fBvisudo\fR parses the \fIsudoers\fR file after the edit and will not save the changes if there is a syntax error. Upon finding -- 2.47.2