From 882d2088f08c71208b9dcf8340fee47003d1ac30 Mon Sep 17 00:00:00 2001
From: Dmytro Meleshko
Date: Thu, 10 Oct 2019 00:41:33 +0300
Subject: [PATCH] [system] rewrite editor lookup in sudoers
---
system/files/etc/sudoers.d/99_dmitmel_dotfiles | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/system/files/etc/sudoers.d/99_dmitmel_dotfiles b/system/files/etc/sudoers.d/99_dmitmel_dotfiles
index 4e8569e..161c56b 100644
--- a/system/files/etc/sudoers.d/99_dmitmel_dotfiles
+++ b/system/files/etc/sudoers.d/99_dmitmel_dotfiles
@@ -1 +1,11 @@
-Defaults pwfeedback, env_editor
+# Show asterisks when typing passwords.
+Defaults pwfeedback
+
+# Disable launching arbitrary editors from the EDITOR, VISUAL and SUDO_EDITOR
+# variables when using visudo because this is a potential security hole.
+Defaults !env_editor
+# Whitelist of editors which visudo is allowed to run.
+Defaults editor=/usr/bin/nvim:/usr/bin/vim:/usr/bin/nano:/bin/nano
+# Pass-through the editor environment variables so that visudo will be able to
+# see them.
+Defaults env_keep+="EDITOR VISUAL SUDO_EDITOR"
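Review bot: The final `Defaults env_keep+="EDITOR VISUAL SUDO_EDITOR"` line is a global default, so the three variables survive sudo's environment reset for every command run through sudo, not only for visudo as the comment above it says. Any program that honours EDITOR or VISUAL will then start the caller's chosen editor as the target user, which matters most if this file is ever deployed next to rules that grant only specific commands. Scoping the setting to visudo keeps the intended behaviour, for example `Defaults!/usr/sbin/visudo env_keep+="EDITOR VISUAL SUDO_EDITOR"` (adjust the path to where visudo is installed on the target system). The comment on the `editor=` line could also note that the list only restricts which binary visudo starts; the listed editors can themselves run commands, so it does not confine a user who is allowed to run visudo.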