This thread is really out of control, I doubt anything useful can be born
here, we are just running circles around a chair.
On Fri, 2 Oct 2009 04:54:42 -0500, forgottenwizard
<phrexianrea...@hushmail.com> wrote:
> On Fri, Oct 02, 2009 at 11:40:33AM +0200, Sebastian Be?ler wrote:
>> Am 02.10.2009 11:29, schrieb forgottenwizard:
>> 
>> Then maybe a "custom_editor"-flag that inserts
>> 
>> Defaults        env_keep += "EDITOR VISUAL PAGER"
>> 
>> to /etc/sudoers
>> 
>> With that even emacs users would be satisfied.
>> 
>> Greetings
>> 
>> Sebastian
>> 
> 
> Didn't the maintainer/dev that was dealing with the bug say that he
> wouldn't do that because it was insecure?
> 
> That also doesn't fix the problem that sudo thinks that nano is a safe
> fallback.

The problem is not in the editor, that's just one of the thousand
assumptions people make here that are incorrect. The developers were rather
pointing at the use of keep_env in the sudoers file, which is indeed risky,
and the usage of external variables in the ebuild, which is also not only
insecure, but very bad from every single viewpoint that I can think of.

And anyway, it's true that vimOS and emacOS are not the sanest and more
secure editors for config file, since they can do everything, and a bad
user config for any of these (specially emacs I gues) can put your system
at risk easier than nano could ever, because nano simply has not the needed
capabilities to act as a nuclear bomb. But as said, that wasn't the point
of the developers.

> How about a custom_editor flag, as you suggested, then an EDITOR
> variable in make.conf? Thats the only way I could see being able to
> solve this problem without invariably screwing someone. This would
> provide a fairly sane default while giving the user the choice to use
> something else.

That would be the only way that it would make sense to me. Just like we
have VIDEO_CARDS, some GENTOO_EDITOR variable would be nice for this. But
ebuilds and eclasses would need to be aware of this to push the correct
dependencies. It's not that trivial to addapt portage to a new portage
variable. The USE flag idea is non-viable and doesn't make sense.

It really isn't a big deal to configure yourself anyways. So unless some
developer is interested in this, I doubt they are going to do the job
unless some pristine and already working patch is sent to them, and someone
is willing to work on a collaborative way, and not just throwing
<the-editor-I-preffer> blindingly in the sudo ebuild.

-- 
Jesús Guerrero

Reply via email to