Package: sudo
Version: 1.7.2p1-1
Severity: minor
Tags: patch

The visudo manpage in Lenny contains some Debian-specific text regarding
the choice of editor:

    "On Debian systems, this list defaults to /usr/bin/editor, which
    is meant to be a system-wide default editor chosen through the
    alternatives system."

    "Despite this potential risk, sudo on Debian is compiled with the
    --with-enveditor flag"

However, this is missing in the sid version.  It *is* present in the
source package's visudo.man.in, but at build time this is regenerated
from visudo.pod, which was not changed.

The attached patch adds the text to the POD.  It also fixes a minor
error (--with-enveditor should be --with-env-editor).  It might also
be worthwhile to stop patching the .man.in, since it will be regenerated
at build time anyway.


-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-openvz-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages sudo depends on:
ii  libc6                         2.10.1-5   GNU C Library: Shared libraries
ii  libpam-modules                1.1.0-4    Pluggable Authentication Modules f
ii  libpam0g                      1.1.0-4    Pluggable Authentication Modules l

sudo recommends no packages.

sudo suggests no packages.

-- no debconf information

--- sudo-1.7.2p1/visudo.pod     2008-11-15 13:34:01.000000000 -0500
+++ sudo-1.7.2p1-manpage/visudo.pod     2009-11-07 18:54:00.841321731 -0500
@@ -39,15 +39,18 @@
 
 There is a hard-coded list of editors that B<visudo> will use set
 at compile-time that may be overridden via the I<editor> I<sudoers>
-C<Default> variable.  This list defaults to the path to L<vi(1)> on
-your system, as determined by the I<configure> script.  Normally,
+C<Default> variable.  On Debian systems, this list defaults to
+/usr/bin/editor, which is meant to be a system-wide default editor
+chosen through the alternatives system.  Normally,
 B<visudo> does not honor the C<VISUAL> or C<EDITOR> environment
 variables unless they contain an editor in the aforementioned editors
-list.  However, if B<visudo> is configured with the I<--with-enveditor>
+list.  However, if B<visudo> is configured with the I<--with-env-editor>
 option or the I<env_editor> C<Default> variable is set in I<sudoers>,
 B<visudo> will use any the editor defines by C<VISUAL> or C<EDITOR>.
 Note that this can be a security hole since it allows the user to
 execute any program they wish simply by setting C<VISUAL> or C<EDITOR>.
+Despite this potential risk, sudo on Debian is compiled with the
+I<--with-env-editor> flag.
 
 B<visudo> parses the I<sudoers> file after the edit and will
 not save the changes if there is a syntax error.  Upon finding
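
Review bot: The added closing sentence ("Despite this potential risk, sudo on Debian is compiled with the I<--with-env-editor> flag.") tells the administrator that the risky behaviour is on by default but not how to turn it off. Since the paragraph already names the I<env_editor> C<Default> variable, consider adding that it can be disabled in I<sudoers> with C<Defaults !env_editor>, after which B<visudo> honours C<VISUAL> or C<EDITOR> only when they name an editor in the I<editor> list. As a style point, the path in the first added lines could be written F</usr/bin/editor> to follow POD markup for file names. The unchanged context line "will use any the editor defines by" also looks like a typo worth fixing while this paragraph is being touched.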
