Harald van Dijk wrote:
> On Sun, Nov 12, 2006 at 04:56:33AM -0500, Mike Frysinger wrote:
>> On 11/12/06, Harald van Dijk <[EMAIL PROTECTED]> wrote:
>>> On Sun, Nov 12, 2006 at 04:34:25AM -0500, Mike Frysinger wrote:
>>>> On 11/12/06, Peter Volkov (pva) <[EMAIL PROTECTED]> wrote:
>>>>> The possible solution is to add virtual/editor ebuild
>>>> this is a horrible idea
>>>>
>>>> why not modify sudo to not filter the EDITOR env var then there is no
>>>> more problem
>>> Except for a gaping security hole.
>> pulling a ciaranm here huh ? if a guy has access to `sudo`, then
>> having a modified environment isn't going to make much difference
>
> sudo can be configured to only allow access to a select few applications.
> Allowing arbitrary EDITOR settings completely bypasses this.

so force EDITOR to something "secure" (infra uses rvim)

but really, visudo, vipw, crontab.... these can all be exploited to gain
root access thus making it silly to try to prevent in these cases.
-- 
=======================================================
Mike Doty                      kingtaco -at- gentoo.org
Gentoo/AMD64 Strategic Lead
Gentoo Council
Gentoo Developer Relations
Gentoo Recruitment Lead
Gentoo Infrastructure
GPG: E1A5 1C9C 93FE F430 C1D6  F2AF 806B A2E4 19F4 AE05
=======================================================
-- 
gentoo-dev@gentoo.org mailing list
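
The thread above turns on whether sudo passes the caller's EDITOR through to the command it runs. As an added example (not part of the original messages), this Python check scans sudoers text for the settings that let it through: `!env_reset`, an `env_keep` entry matching an editor variable, or a `SETENV:` tag. The function name, rule labels and sample policy are constructed for illustration, and the check is line-based rather than a full sudoers parser.

```python
import re
from fnmatch import fnmatchcase

# Variables that select the program run by visudo, vipw, crontab -e and sudoedit.
EDITOR_VARS = ("EDITOR", "VISUAL", "SUDO_EDITOR")

def audit_sudoers(text):
    """Return (rule, detail, line) for settings that pass the caller's editor choice through."""
    findings = []
    # A trailing backslash continues a sudoers line; join before parsing.
    for line in re.sub(r"\\\n", " ", text).splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"Defaults\S*\s+(.*)", line)  # also Defaults:user, Defaults@host, ...
        if m:
            settings = m.group(1)
            if re.search(r"!\s*env_reset\b", settings):
                findings.append(("env_reset_off", "env_reset disabled", line))
            # "=" and "+=" add names to env_keep; "-=" removes them and is not matched.
            for km in re.finditer(r'\benv_keep\s*\+?=\s*(?:"([^"]*)"|(\S+))', settings):
                patterns = (km.group(1) or km.group(2) or "").strip(",").split()
                # env_keep entries may use wildcards; a VAR=value entry is matched on VAR only.
                kept = sorted(v for v in EDITOR_VARS
                              if any(fnmatchcase(v, p.split("=")[0]) for p in patterns))
                if kept:
                    findings.append(("env_keep_editor", ",".join(kept), line))
        elif re.search(r"(?<!NO)SETENV\s*:", line):
            findings.append(("setenv_tag", "caller may override environment", line))
    return findings

# Constructed sample policy, not taken from any real host.
SAMPLE = r'''
# constructed sample
Defaults env_reset
Defaults env_keep += "LANG EDITOR \
    VISUAL"
Defaults:backup !env_reset
Defaults env_keep -= "EDITOR"
%wheel ALL = (root) SETENV: /usr/sbin/visudo
alice ALL = (root) NOSETENV: /usr/bin/crontab -e
'''

if __name__ == "__main__":
    for rule, detail, line in audit_sudoers(SAMPLE):
        print(f"{rule:16} {detail:32} {line}")
```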