by sudoedit.
higher. It has no effect unless I/O logging is enabled
or the _\bu_\bs_\be_\b__\bp_\bt_\by flag is enabled.
- env_editor If set, v\bvi\bis\bsu\bud\bdo\bo will use the value of the EDITOR or
- VISUAL environment variables before falling back on the
- default editor list. Note that this may create a
- security hole as it allows the user to run any
+ env_editor If set, v\bvi\bis\bsu\bud\bdo\bo will use the value of the SUDO_EDITOR,
+ VISUAL or EDITOR environment variables before falling
+ back on the default editor list. Note that this may
+ create a security hole as it allows the user to run any
arbitrary command as root without logging. A safer
alternative is to place a colon-separated list of
- editors in the editor variable. v\bvi\bis\bsu\bud\bdo\bo will then only
- use the EDITOR or VISUAL if they match a value
- specified in editor. If the _\be_\bn_\bv_\b__\br_\be_\bs_\be_\bt flag is enabled,
- the EDITOR and/or VISUAL environment variables must be
- present in the _\be_\bn_\bv_\b__\bk_\be_\be_\bp list for the _\be_\bn_\bv_\b__\be_\bd_\bi_\bt_\bo_\br flag to
- function when v\bvi\bis\bsu\bud\bdo\bo is invoked via s\bsu\bud\bdo\bo. This flag is
- _\bo_\bf_\bf by default.
+ editors in the _\be_\bd_\bi_\bt_\bo_\br variable. v\bvi\bis\bsu\bud\bdo\bo will then only
+ use SUDO_EDITOR, VISUAL or EDITOR if they match a value
+ specified in _\be_\bd_\bi_\bt_\bo_\br. If the _\be_\bn_\bv_\b__\br_\be_\bs_\be_\bt flag is enabled,
+ the SUDO_EDITOR, VISUAL and/or EDITOR environment
+ variables must be present in the _\be_\bn_\bv_\b__\bk_\be_\be_\bp list for the
+ _\be_\bn_\bv_\b__\be_\bd_\bi_\bt_\bo_\br flag to function when v\bvi\bis\bsu\bud\bdo\bo is invoked via
+ s\bsu\bud\bdo\bo. This flag is _\bo_\bf_\bf by default.
env_reset If set, s\bsu\bud\bdo\bo will run the command in a minimal
environment containing the TERM, PATH, HOME, MAIL,
editor A colon (`:') separated list of editors allowed to be
used with v\bvi\bis\bsu\bud\bdo\bo. v\bvi\bis\bsu\bud\bdo\bo will choose the editor that
- matches the user's EDITOR or VISUAL environment
- variable if possible, or the first editor in the list
- that exists and is executable. Note that the EDITOR
- and VISUAL environment variables are not preserved by
- default when the _\be_\bn_\bv_\b__\br_\be_\bs_\be_\bt option is enabled. The
- default is _\bv_\bi.
+ matches the user's SUDO_EDITOR, VISUAL or EDITOR
+ environment variable if possible, or the first editor
+ in the list that exists and is executable. Note that
+ the SUDO_EDITOR, VISUAL and EDITOR environment
+ variables are not preserved by default when the
+ _\be_\bn_\bv_\b__\br_\be_\bs_\be_\bt option is enabled. The default is _\bv_\bi.
iolog_dir The top-level directory to use when constructing the
path name for the input/output log directory. Only
If set,
\fBvisudo\fR
will use the value of the
-\fREDITOR\fR
-or
+\fRSUDO_EDITOR\fR,
\fRVISUAL\fR
+or
+\fREDITOR\fR
environment variables before falling back on the default editor list.
Note that this may create a security hole as it allows the user to
run any arbitrary command as root without logging.
A safer alternative is to place a colon-separated list of editors
in the
-\fReditor\fR
+\fIeditor\fR
variable.
\fBvisudo\fR
-will then only use the
-\fREDITOR\fR
-or
+will then only use
+\fRSUDO_EDITOR\fR,
\fRVISUAL\fR
+or
+\fREDITOR\fR
if they match a value specified in
-\fReditor\fR.
+\fIeditor\fR.
If the
\fIenv_reset\fR
flag is enabled, the
-\fREDITOR\fR
-and/or
+\fRSUDO_EDITOR\fR,
\fRVISUAL\fR
+and/or
+\fREDITOR\fR
environment variables must be present in the
\fIenv_keep\fR
list for the
\fBvisudo\fR.
\fBvisudo\fR
will choose the editor that matches the user's
-\fREDITOR\fR
-or
+\fRSUDO_EDITOR\fR,
\fRVISUAL\fR
+or
+\fREDITOR\fR
environment variable if possible, or the first editor in the
list that exists and is executable.
Note that the
-\fREDITOR\fR
-and
+\fRSUDO_EDITOR\fR,
\fRVISUAL\fR
+and
+\fREDITOR\fR
environment variables are not preserved by default when the
\fIenv_reset\fR
option is enabled.
If set,
.Nm visudo
will use the value of the
-.Ev EDITOR
-or
+.Ev SUDO_EDITOR ,
.Ev VISUAL
+or
+.Ev EDITOR
environment variables before falling back on the default editor list.
Note that this may create a security hole as it allows the user to
run any arbitrary command as root without logging.
A safer alternative is to place a colon-separated list of editors
in the
-.Li editor
+.Em editor
variable.
.Nm visudo
-will then only use the
-.Ev EDITOR
-or
+will then only use
+.Ev SUDO_EDITOR ,
.Ev VISUAL
+or
+.Ev EDITOR
if they match a value specified in
-.Li editor .
+.Em editor .
If the
.Em env_reset
flag is enabled, the
-.Ev EDITOR
-and/or
+.Ev SUDO_EDITOR ,
.Ev VISUAL
+and/or
+.Ev EDITOR
environment variables must be present in the
.Em env_keep
list for the
.Nm visudo .
.Nm visudo
will choose the editor that matches the user's
-.Ev EDITOR
-or
+.Ev SUDO_EDITOR ,
.Ev VISUAL
+or
+.Ev EDITOR
environment variable if possible, or the first editor in the
list that exists and is executable.
Note that the
-.Ev EDITOR
-and
+.Ev SUDO_EDITOR ,
.Ev VISUAL
+and
+.Ev EDITOR
environment variables are not preserved by default when the
.Em env_reset
option is enabled.
_\bs_\bu_\bd_\bo_\be_\br_\bs file is currently being edited you will receive a message to try
again later.
- There is a hard-coded list of one or more editors that v\bvi\bis\bsu\bud\bdo\bo will use
- set at compile-time that may be overridden via the _\be_\bd_\bi_\bt_\bo_\br _\bs_\bu_\bd_\bo_\be_\br_\bs Default
- variable. This list defaults to vi. Normally, v\bvi\bis\bsu\bud\bdo\bo does not honor the
- VISUAL or EDITOR environment variables unless they contain an editor in
- the aforementioned editors list. However, if v\bvi\bis\bsu\bud\bdo\bo is configured with
- the --with-env-editor option or the _\be_\bn_\bv_\b__\be_\bd_\bi_\bt_\bo_\br Default variable is set in
- _\bs_\bu_\bd_\bo_\be_\br_\bs, v\bvi\bis\bsu\bud\bdo\bo will use any the editor defines by VISUAL or EDITOR.
- Note that this can be a security hole since it allows the user to execute
- any program they wish simply by setting VISUAL or EDITOR.
-
- v\bvi\bis\bsu\bud\bdo\bo parses the _\bs_\bu_\bd_\bo_\be_\br_\bs file after the edit and will not save the
+ v\bvi\bis\bsu\bud\bdo\bo parses the _\bs_\bu_\bd_\bo_\be_\br_\bs file after editing and will not save the
changes if there is a syntax error. Upon finding an error, v\bvi\bis\bsu\bud\bdo\bo will
print a message stating the line number(s) where the error occurred and
the user will receive the "What now?" prompt. At this point the user may
enter `e' to re-edit the _\bs_\bu_\bd_\bo_\be_\br_\bs file, `x' to exit without saving the
changes, or `Q' to quit and save changes. The `Q' option should be used
- with extreme care because if v\bvi\bis\bsu\bud\bdo\bo believes there to be a parse error,
- so will s\bsu\bud\bdo\bo and no one will be able to run s\bsu\bud\bdo\bo again until the error is
- fixed. If `e' is typed to edit the _\bs_\bu_\bd_\bo_\be_\br_\bs file after a parse error has
- been detected, the cursor will be placed on the line where the error
- occurred (if the editor supports this feature).
+ with extreme caution because if v\bvi\bis\bsu\bud\bdo\bo believes there to be a parse
+ error, so will s\bsu\bud\bdo\bo and no one will be able to run s\bsu\bud\bdo\bo again until the
+ error is fixed. If `e' is typed to edit the _\bs_\bu_\bd_\bo_\be_\br_\bs file after a parse
+ error has been detected, the cursor will be placed on the line where the
+ error occurred (if the editor supports this feature).
+
+ There are two _\bs_\bu_\bd_\bo_\be_\br_\bs settings that determine which editor v\bvi\bis\bsu\bud\bdo\bo will
+ run.
+
+ editor A colon (`:') separated list of editors allowed to be used with
+ v\bvi\bis\bsu\bud\bdo\bo. v\bvi\bis\bsu\bud\bdo\bo will choose the editor that matches the user's
+ SUDO_EDITOR, VISUAL or EDITOR environment variable if possible,
+ or the first editor in the list that exists and is executable.
+ Note that the SUDO_EDITOR, VISUAL and EDITOR environment
+ variables are not preserved by default when the _\be_\bn_\bv_\b__\br_\be_\bs_\be_\bt
+ _\bs_\bu_\bd_\bo_\be_\br_\bs option is enabled. The default editor path is _\bv_\bi which
+ can be set at compile time via the --with-editor configure
+ option.
+
+ env_editor
+ If set, v\bvi\bis\bsu\bud\bdo\bo will use the value of the SUDO_EDITOR, VISUAL or
+ EDITOR environment variables before falling back on the default
+ editor list. Note that this may create a security hole as it
+ allows the user to run any arbitrary command as root without
+ logging. A safer alternative is to place a colon-separated
+ list of editors in the _\be_\bd_\bi_\bt_\bo_\br variable. v\bvi\bis\bsu\bud\bdo\bo will then only
+ use SUDO_EDITOR, VISUAL or EDITOR if they match a value
+ specified in _\be_\bd_\bi_\bt_\bo_\br. If the _\be_\bn_\bv_\b__\br_\be_\bs_\be_\bt flag is enabled, the
+ SUDO_EDITOR, VISUAL and/or EDITOR environment variables must be
+ present in the _\be_\bn_\bv_\b__\bk_\be_\be_\bp list for the _\be_\bn_\bv_\b__\be_\bd_\bi_\bt_\bo_\br flag to
+ function when v\bvi\bis\bsu\bud\bdo\bo is invoked via s\bsu\bud\bdo\bo. The default value is
+ _\bo_\bf_\bf, which can be set at compile time via the --with-env-editor
+ configure option.
The options are as follows:
The following environment variables may be consulted depending on the
value of the _\be_\bd_\bi_\bt_\bo_\br and _\be_\bn_\bv_\b__\be_\bd_\bi_\bt_\bo_\br _\bs_\bu_\bd_\bo_\be_\br_\bs settings:
- VISUAL Invoked by v\bvi\bis\bsu\bud\bdo\bo as the editor to use
+ SUDO_EDITOR Invoked by v\bvi\bis\bsu\bud\bdo\bo as the editor to use
- EDITOR Used by v\bvi\bis\bsu\bud\bdo\bo if VISUAL is not set
+ VISUAL Used by v\bvi\bis\bsu\bud\bdo\bo if SUDO_EDITOR is not set
+
+ EDITOR Used by v\bvi\bis\bsu\bud\bdo\bo if neither SUDO_EDITOR nor VISUAL is set
F\bFI\bIL\bLE\bES\bS
_\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\b._\bc_\bo_\bn_\bf Sudo front end configuration
file distributed with s\bsu\bud\bdo\bo or https://www.sudo.ws/license.html for
complete details.
-Sudo 1.8.22 December 6, 2017 Sudo 1.8.22
+Sudo 1.8.22 December 21, 2017 Sudo 1.8.22
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
-.TH "VISUDO" "8" "December 6, 2017" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
+.TH "VISUDO" "8" "December 21, 2017" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
.nh
.if n .ad l
.SH "NAME"
\fIsudoers\fR
file is currently being edited you will receive a message to try again later.
.PP
-There is a hard-coded list of one or more editors that
-\fBvisudo\fR
-will use set at compile-time that may be overridden via the
-\fIeditor\fR
-\fIsudoers\fR
-\fRDefault\fR
-variable.
-This list defaults to
-\fR@editor@\fR.
-Normally,
-\fBvisudo\fR
-does not honor the
-\fRVISUAL\fR
-or
-\fREDITOR\fR
-environment variables unless they contain an editor in the aforementioned
-editors list.
-However, if
-\fBvisudo\fR
-is configured with the
-\fR--with-env-editor\fR
-option or the
-\fIenv_editor\fR
-\fRDefault\fR
-variable is set in
-\fIsudoers\fR,
-\fBvisudo\fR
-will use any the editor defines by
-\fRVISUAL\fR
-or
-\fREDITOR\fR.
-Note that this can be a security hole since it allows the user to
-execute any program they wish simply by setting
-\fRVISUAL\fR
-or
-\fREDITOR\fR.
-.PP
\fBvisudo\fR
parses the
\fIsudoers\fR
-file after the edit and will
-not save the changes if there is a syntax error.
+file after editing and will not save the changes if there is a syntax error.
Upon finding an error,
\fBvisudo\fR
will print a message stating the line number(s)
to quit and save changes.
The
\(oqQ\(cq
-option should be used with extreme care because if
+option should be used with extreme caution because if
\fBvisudo\fR
believes there to be a parse error, so will
\fBsudo\fR
file after a parse error has been detected, the cursor will be placed on
the line where the error occurred (if the editor supports this feature).
.PP
+There are two
+\fIsudoers\fR
+settings that determine which editor
+\fBvisudo\fR
+will run.
+.TP 10n
+editor
+A colon
+(\(oq:\&\(cq)
+separated list of editors allowed to be used with
+\fBvisudo\fR.
+\fBvisudo\fR
+will choose the editor that matches the user's
+\fRSUDO_EDITOR\fR,
+\fRVISUAL\fR
+or
+\fREDITOR\fR
+environment variable if possible, or the first editor in the
+list that exists and is executable.
+Note that the
+\fRSUDO_EDITOR\fR,
+\fRVISUAL\fR
+and
+\fREDITOR\fR
+environment variables are not preserved by default when the
+\fIenv_reset\fR
+\fIsudoers\fR
+option is enabled.
+The default editor path is
+\fI@editor@\fR
+which can be set at compile time via the
+\fR--with-editor\fR
+configure option.
+.TP 10n
+env_editor
+If set,
+\fBvisudo\fR
+will use the value of the
+\fRSUDO_EDITOR\fR,
+\fRVISUAL\fR
+or
+\fREDITOR\fR
+environment variables before falling back on the default editor list.
+Note that this may create a security hole as it allows the user to
+run any arbitrary command as root without logging.
+A safer alternative is to place a colon-separated list of editors
+in the
+\fIeditor\fR
+variable.
+\fBvisudo\fR
+will then only use
+\fRSUDO_EDITOR\fR,
+\fRVISUAL\fR
+or
+\fREDITOR\fR
+if they match a value specified in
+\fIeditor\fR.
+If the
+\fIenv_reset\fR
+flag is enabled, the
+\fRSUDO_EDITOR\fR,
+\fRVISUAL\fR
+and/or
+\fREDITOR\fR
+environment variables must be present in the
+\fIenv_keep\fR
+list for the
+\fIenv_editor\fR
+flag to function when
+\fBvisudo\fR
+is invoked via
+\fBsudo\fR.
+The default value is
+\fI@env_editor@\fR,
+which can be set at compile time via the
+\fR--with-env-editor\fR
+configure option.
+.PP
The options are as follows:
.TP 12n
\fB\-c\fR, \fB\--check\fR
\fIsudoers\fR
settings:
.TP 17n
-\fRVISUAL\fR
+\fRSUDO_EDITOR\fR
Invoked by
\fBvisudo\fR
as the editor to use
.TP 17n
-\fREDITOR\fR
+\fRVISUAL\fR
Used by
\fBvisudo\fR
if
-\fRVISUAL\fR
+\fRSUDO_EDITOR\fR
is not set
+.TP 17n
+\fREDITOR\fR
+Used by
+\fBvisudo\fR
+if neither
+\fRSUDO_EDITOR\fR
+nor
+\fRVISUAL\fR
+is set
.SH "FILES"
.TP 26n
\fI@sysconfdir@/sudo.conf\fR
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
-.Dd December 6, 2017
+.Dd December 21, 2017
.Dt VISUDO @mansectsu@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
.Em sudoers
file is currently being edited you will receive a message to try again later.
.Pp
-There is a hard-coded list of one or more editors that
-.Nm
-will use set at compile-time that may be overridden via the
-.Em editor
-.Em sudoers
-.Li Default
-variable.
-This list defaults to
-.Li "@editor@" .
-Normally,
-.Nm
-does not honor the
-.Ev VISUAL
-or
-.Ev EDITOR
-environment variables unless they contain an editor in the aforementioned
-editors list.
-However, if
-.Nm
-is configured with the
-.Li --with-env-editor
-option or the
-.Em env_editor
-.Li Default
-variable is set in
-.Em sudoers ,
-.Nm
-will use any the editor defines by
-.Ev VISUAL
-or
-.Ev EDITOR .
-Note that this can be a security hole since it allows the user to
-execute any program they wish simply by setting
-.Ev VISUAL
-or
-.Ev EDITOR .
-.Pp
.Nm
parses the
.Em sudoers
-file after the edit and will
-not save the changes if there is a syntax error.
+file after editing and will not save the changes if there is a syntax error.
Upon finding an error,
.Nm
will print a message stating the line number(s)
to quit and save changes.
The
.Ql Q
-option should be used with extreme care because if
+option should be used with extreme caution because if
.Nm
believes there to be a parse error, so will
.Nm sudo
file after a parse error has been detected, the cursor will be placed on
the line where the error occurred (if the editor supports this feature).
.Pp
+There are two
+.Em sudoers
+settings that determine which editor
+.Nm visudo
+will run.
+.Bl -tag -width 8n
+.It editor
+A colon
+.Pq Ql :\&
+separated list of editors allowed to be used with
+.Nm .
+.Nm
+will choose the editor that matches the user's
+.Ev SUDO_EDITOR ,
+.Ev VISUAL
+or
+.Ev EDITOR
+environment variable if possible, or the first editor in the
+list that exists and is executable.
+Note that the
+.Ev SUDO_EDITOR ,
+.Ev VISUAL
+and
+.Ev EDITOR
+environment variables are not preserved by default when the
+.Em env_reset
+.Em sudoers
+option is enabled.
+The default editor path is
+.Pa @editor@
+which can be set at compile time via the
+.Li --with-editor
+configure option.
+.It env_editor
+If set,
+.Nm
+will use the value of the
+.Ev SUDO_EDITOR ,
+.Ev VISUAL
+or
+.Ev EDITOR
+environment variables before falling back on the default editor list.
+Note that this may create a security hole as it allows the user to
+run any arbitrary command as root without logging.
+A safer alternative is to place a colon-separated list of editors
+in the
+.Em editor
+variable.
+.Nm
+will then only use
+.Ev SUDO_EDITOR ,
+.Ev VISUAL
+or
+.Ev EDITOR
+if they match a value specified in
+.Em editor .
+If the
+.Em env_reset
+flag is enabled, the
+.Ev SUDO_EDITOR ,
+.Ev VISUAL
+and/or
+.Ev EDITOR
+environment variables must be present in the
+.Em env_keep
+list for the
+.Em env_editor
+flag to function when
+.Nm
+is invoked via
+.Nm sudo .
+The default value is
+.Em @env_editor@ ,
+which can be set at compile time via the
+.Li --with-env-editor
+configure option.
+.El
+.Pp
The options are as follows:
.Bl -tag -width Fl
.It Fl c , -check
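Review bot: Style nit in the new intro sentence: `.Nm visudo` is inconsistent with the rest of visudo.mdoc.in, where the unchanged lines above (and the new `.It editor` / `.It env_editor` text itself) use a bare `.Nm`, which mdoc expands to the page name; suggest dropping the argument so the file stays uniform. The `.Nm visudo` forms in the sudoers.mdoc.in hunk earlier in the patch are correct there, since that page's name is sudoers.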
.Em sudoers
settings:
.Bl -tag -width 15n
-.It Ev VISUAL
+.It Ev SUDO_EDITOR
Invoked by
.Nm
as the editor to use
-.It Ev EDITOR
+.It Ev VISUAL
Used by
.Nm
if
-.Ev VISUAL
+.Ev SUDO_EDITOR
is not set
+.It Ev EDITOR
+Used by
+.Nm
+if neither
+.Ev SUDO_EDITOR
+nor
+.Ev VISUAL
+is set
.El
.Sh FILES
.Bl -tag -width 24n
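Review bot: "Used by visudo if SUDO_EDITOR is not set" (and the matching "if neither SUDO_EDITOR nor VISUAL is set" for EDITOR) is narrower than what the find_editor added to editor.c below actually does: the loop over SUDO_EDITOR, VISUAL and EDITOR skips a variable that is set but empty (`*editor != '\0'`) and moves on to the next one when the value cannot be resolved (the `errno != ENOENT` test only aborts on other errors), so VISUAL is also consulted when SUDO_EDITOR is empty or names an editor that is not found or not allowed. Suggest "if SUDO_EDITOR is not set or cannot be used", and the same wording in the visudo.man.in and visudo.cat copies of this table earlier in the patch.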
* the result against whitelist if non-NULL. An argument vector
* suitable for execve() is allocated and stored in argv_out.
* If nfiles is non-zero, files[] is added to the end of argv_out.
+ *
* Returns the path to be executed on success, else NULL.
* The caller is responsible for freeing the returned editor path
* as well as the argument vector.
*/
-char *
+static char *
resolve_editor(const char *ed, size_t edlen, int nfiles, char **files,
int *argc_out, char ***argv_out, char * const *whitelist)
{
*argv_out = nargv;
debug_return_str(editor_path);
}
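Review bot: Making resolve_editor static is right now that find_editor is its only caller in this file, but it only builds together with the sudoers.h hunk (which drops the external prototype) and the sudoers.c and visudo.c hunks (the two former direct callers) later in this patch; if the series is split or cherry-picked, this hunk must travel with those three. Since `whitelist` is the only restriction resolve_editor applies, a sentence in this header comment saying that a NULL whitelist means "no restriction" would make the difference between the sudoedit caller (NULL) and the visudo caller (editor list) explicit.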
+
+/*
+ * Determine which editor to use based on the SUDO_EDITOR, VISUAL and
+ * EDITOR environment variables as well as the editor path in sudoers.
+ * If env_error is true, an editor environment variable that cannot be
+ * resolved is an error.
+ *
+ * Returns the path to be executed on success, else NULL.
+ * The caller is responsible for freeing the returned editor path
+ * as well as the argument vector.
+ */
+char *
+find_editor(int nfiles, char **files, int *argc_out, char ***argv_out,
+ char * const *whitelist, const char **env_editor, bool env_error)
+{
+ char *ev[3], *editor_path = NULL;
+ unsigned int i;
+ debug_decl(find_editor, SUDOERS_DEBUG_UTIL)
+
+ /*
+ * If any of SUDO_EDITOR, VISUAL or EDITOR are set, choose the first one.
+ */
+ *env_editor = NULL;
+ ev[0] = "SUDO_EDITOR";
+ ev[1] = "VISUAL";
+ ev[2] = "EDITOR";
+ for (i = 0; i < nitems(ev); i++) {
+ char *editor = getenv(ev[i]);
+
+ if (editor != NULL && *editor != '\0') {
+ *env_editor = editor;
+ editor_path = resolve_editor(editor, strlen(editor),
+ nfiles, files, argc_out, argv_out, whitelist);
+ if (editor_path != NULL)
+ break;
+ if (errno != ENOENT)
+ debug_return_str(NULL);
+ }
+ }
+ if (editor_path == NULL) {
+ const char *def_editor_end = def_editor + strlen(def_editor);
+ const char *cp, *ep;
+
+ if (env_error && *env_editor != NULL) {
+ /* User-specified editor could not be found. */
+ debug_return_str(NULL);
+ }
+
+ /* def_editor could be a path, split it up, avoiding strtok() */
+ for (cp = sudo_strsplit(def_editor, def_editor_end, ":", &ep);
+ cp != NULL; cp = sudo_strsplit(NULL, def_editor_end, ":", &ep)) {
+ editor_path = resolve_editor(cp, (size_t)(ep - cp), nfiles,
+ files, argc_out, argv_out, whitelist);
+ if (editor_path != NULL)
+ break;
+ if (errno != ENOENT)
+ debug_return_str(NULL);
+ }
+ }
+
+ debug_return_str(editor_path);
+}
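Review bot: `char *ev[3]` assigned from string literals should be `const char *const ev[] = { "SUDO_EDITOR", "VISUAL", "EDITOR" };` so the table is const-correct and initialized in one place while `nitems(ev)` keeps working; with `-Wwrite-strings` the three assignments warn. The header comment should also state two things the callers in this patch rely on: `*env_editor` is left pointing at the last variable tried even when NULL is returned (both callers use it to name the bad editor in their diagnostics), and a non-ENOENT failure from resolve_editor on an environment editor returns NULL immediately, before the default editor list is tried, with errno preserved from that failure.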
/*
* Prototypes
*/
-static char *find_editor(int nfiles, char **files, int *argc_out, char ***argv_out);
static bool cb_fqdn(const union sudo_defs_val *);
static bool cb_runas_default(const union sudo_defs_val *);
static bool cb_tty_tickets(const union sudo_defs_val *);
/* Note: must call audit before uid change. */
if (ISSET(sudo_mode, MODE_EDIT)) {
int edit_argc;
+ const char *env_editor;
free(safe_cmnd);
safe_cmnd = find_editor(NewArgc - 1, NewArgv + 1, &edit_argc,
- &edit_argv);
+ &edit_argv, NULL, &env_editor, false);
if (safe_cmnd == NULL) {
if (errno != ENOENT)
goto done;
+ audit_failure(NewArgc, NewArgv, N_("%s: command not found"),
+ env_editor ? env_editor : def_editor);
+ sudo_warnx(U_("%s: command not found"),
+ env_editor ? env_editor : def_editor);
goto bad;
}
if (audit_success(edit_argc, edit_argv) != 0 && !def_ignore_audit_errors)
debug_return;
}
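Review bot: `const char *env_editor;` is left uninitialized and is only assigned inside find_editor; that is safe today because find_editor sets `*env_editor = NULL` before anything else, but initializing it to NULL here costs nothing and keeps static analyzers quiet if find_editor ever gains an earlier return. The `env_editor ? env_editor : def_editor` expression is also evaluated twice, once for audit_failure and once for sudo_warnx; hoisting it into a local such as `const char *missing = env_editor ? env_editor : def_editor;` guarantees the audit record and the user-visible warning name the same editor.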
-/*
- * Determine which editor to use. We don't need to worry about restricting
- * this to a "safe" editor since it runs with the uid of the invoking user,
- * not the runas (privileged) user.
- * Returns a fully-qualified path to the editor on success and fills
- * in argc_out and argv_out accordingly. Returns NULL on failure.
- */
-static char *
-find_editor(int nfiles, char **files, int *argc_out, char ***argv_out)
-{
- const char *cp, *ep, *editor = NULL;
- char *editor_path = NULL, **ev, *ev0[4];
- debug_decl(find_editor, SUDOERS_DEBUG_PLUGIN)
-
- /*
- * If any of SUDO_EDITOR, VISUAL or EDITOR are set, choose the first one.
- */
- ev0[0] = "SUDO_EDITOR";
- ev0[1] = "VISUAL";
- ev0[2] = "EDITOR";
- ev0[3] = NULL;
- for (ev = ev0; editor_path == NULL && *ev != NULL; ev++) {
- if ((editor = getenv(*ev)) != NULL && *editor != '\0') {
- editor_path = resolve_editor(editor, strlen(editor),
- nfiles, files, argc_out, argv_out, NULL);
- if (editor_path != NULL)
- break;
- if (errno != ENOENT)
- debug_return_str(NULL);
- }
- }
- if (editor_path == NULL) {
- /* def_editor could be a path, split it up, avoiding strtok() */
- const char *def_editor_end = def_editor + strlen(def_editor);
- for (cp = sudo_strsplit(def_editor, def_editor_end, ":", &ep);
- cp != NULL; cp = sudo_strsplit(NULL, def_editor_end, ":", &ep)) {
- editor_path = resolve_editor(cp, (size_t)(ep - cp), nfiles,
- files, argc_out, argv_out, NULL);
- if (editor_path != NULL)
- break;
- if (errno != ENOENT)
- debug_return_str(NULL);
- }
- }
- if (!editor_path) {
- audit_failure(NewArgc, NewArgv, N_("%s: command not found"),
- editor ? editor : def_editor);
- sudo_warnx(U_("%s: command not found"), editor ? editor : def_editor);
- }
- debug_return_str(editor_path);
-}
-
#ifdef USE_ADMIN_FLAG
static int
create_admin_success_flag(void)
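Review bot: The removed header comment carried a security-relevant rationale that does not survive anywhere in the new code: sudoedit deliberately does not restrict the editor to a "safe" list because the editor runs with the uid of the invoking user, not the runas (privileged) user. That is exactly why the MODE_EDIT call site above passes `NULL` for whitelist while visudo passes its editor list, and the new find_editor comment in editor.c says nothing about it. Suggest moving that sentence to a comment beside the `NULL` argument in the sudoers.c call, so the asymmetry between the two callers is documented where it is decided.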
extern const char *path_plugin_dir;
/* editor.c */
-char *resolve_editor(const char *ed, size_t edlen, int nfiles, char **files,
- int *argc_out, char ***argv_out, char * const *whitelist);
+char *find_editor(int nfiles, char **files, int *argc_out, char ***argv_out,
+ char * const *whitelist, const char **env_editor, bool env_error);
/* mkdir_parents.c */
bool sudo_mkdir_parents(char *path, uid_t uid, gid_t gid, mode_t mode, bool quiet);
static char *
get_editor(int *editor_argc, char ***editor_argv)
{
- char *editor, *editor_path = NULL, **whitelist = NULL;
+ char *editor_path = NULL, **whitelist = NULL;
+ const char *env_editor;
static char *files[] = { "+1", "sudoers" };
unsigned int whitelist_len = 0;
debug_decl(get_editor, SUDOERS_DEBUG_UTIL)
whitelist[whitelist_len] = NULL;
}
- /* First try to use user's VISUAL or EDITOR environment vars. */
- if ((editor = getenv("VISUAL")) == NULL || *editor == '\0')
- editor = getenv("EDITOR");
- if (editor && *editor == '\0')
- editor = NULL;
- if (editor != NULL) {
- editor_path = resolve_editor(editor, strlen(editor), 2, files,
- editor_argc, editor_argv, whitelist);
- if (def_env_editor && editor_path == NULL) {
- /* If we are honoring $EDITOR this is a fatal error. */
- sudo_fatalx(U_("specified editor (%s) doesn't exist"), editor);
- }
- }
+ editor_path = find_editor(2, files, editor_argc, editor_argv, whitelist,
+ &env_editor, true);
if (editor_path == NULL) {
- /* def_editor could be a path, split it up, avoiding strtok() */
- const char *def_editor_end = def_editor + strlen(def_editor);
- const char *cp, *ep;
- for (cp = sudo_strsplit(def_editor, def_editor_end, ":", &ep);
- cp != NULL; cp = sudo_strsplit(NULL, def_editor_end, ":", &ep)) {
- editor_path = resolve_editor(cp, (size_t)(ep - cp), 2, files,
- editor_argc, editor_argv, whitelist);
- if (editor_path != NULL)
- break;
- if (errno != ENOENT)
- goto done;
+ if (def_env_editor && env_editor != NULL) {
+ /* We are honoring $EDITOR so this is a fatal error. */
+ sudo_fatalx(U_("specified editor (%s) doesn't exist"), env_editor);
}
- }
- if (editor_path == NULL)
sudo_fatalx(U_("no editor found (editor path = %s)"), def_editor);
+ }
-done:
if (whitelist != NULL) {
while (whitelist_len--)
free(whitelist[whitelist_len]);
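Review bot: Passing `true` for env_error changes behaviour when the env_editor flag is off. Before this change, an editor taken from VISUAL or EDITOR that did not resolve was fatal only under `def_env_editor`; otherwise get_editor fell through to the def_editor loop. Now find_editor returns NULL as soon as any of SUDO_EDITOR, VISUAL or EDITOR is set but fails to resolve, and with env_editor off get_editor passes a whitelist built from the `editor` list, so any value outside that list does not resolve. The default list is then never tried and the caller reaches `sudo_fatalx(U_("no editor found (editor path = %s)"), def_editor)` even though the default editor exists, so a user whose shell exports EDITOR to something outside the sudoers `editor` list cannot run visudo at all. Suggest passing `def_env_editor` instead of `true`; the `def_env_editor && env_editor != NULL` test below then still distinguishes "your editor was rejected" from "nothing in the default list works". Dropping the `done:` label is fine, since the only `goto done` was in the removed loop.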