From: Todd C. Miller <Todd.Miller@sudo.ws>
Date: Thu, 20 Jun 2019 17:51:47 +0000 (-0600)
Subject: Make env_editor the default.
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=184484b21303d18333404919a008446a80921311;p=sudo

Make env_editor the default.
It is already the default in the package script.
---

diff --git a/INSTALL b/INSTALL
index cf3b45201..ca9b0ecbd 100644
--- a/INSTALL
+++ b/INSTALL
@@ -675,15 +675,15 @@ Options that set runtime-changeable default values:
 	that exists.  The default is the path to vi on your system.
 	Sudoers option: editor
 
-  --with-env-editor
-	Makes visudo consult the SUDO_EDITOR, VISUAL and EDITOR environment
-	variables before falling back on the default editor list (as specified
-	by --with-editor).  Note that visudo is typically run as root so this
-	option may allow a user with visudo privileges to run arbitrary
-	commands as root without logging.  An alternative is to use a
-	colon-separated list of "safe" editors with the --with-editor option.
-	visudo will then only use the SUDO_EDITOR, VISUAL or EDITOR variables
-	if they match a value specified via --with-editor.
+  --with-env-editor=no, --without-env-editor
+	By default, visudo will consult the SUDO_EDITOR, VISUAL and EDITOR
+	environment variables before falling back on the default editor list
+	(as specified by --with-editor).  visudo is typically run as root so
+	this option may allow a user with visudo privileges to run arbitrary
+	commands as root without logging.  Some sites may with to disable this
+	and use a colon-separated list of "safe" editors with the --with-editor
+	option.  visudo will then only use the SUDO_EDITOR, VISUAL or EDITOR
+	variables if they match a value specified via --with-editor.
 	Sudoers option: env_editor
 
   --with-exempt=GROUP
diff --git a/configure.ac b/configure.ac
index 9a5ee263c..b913e2f0a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -182,7 +182,7 @@ mailsub="*** SECURITY information for %h ***"
 badpass_message="Sorry, try again."
 fqdn=off
 runas_default=root
-env_editor=off
+env_editor=on
 env_reset=on
 editor=vi
 passwd_tries=3
diff --git a/doc/sudoers.cat b/doc/sudoers.cat
index 77c69dbfe..9231a213a 100644
--- a/doc/sudoers.cat
+++ b/doc/sudoers.cat
@@ -1051,7 +1051,7 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS
                        SUDO_EDITOR, VISUAL and/or EDITOR environment variables
                        must be present in the _e_n_v___k_e_e_p list for the _e_n_v___e_d_i_t_o_r
                        flag to function when vviissuuddoo is invoked via ssuuddoo.  This
-                       flag is _o_f_f by default.
+                       flag is _o_n by default.
 
      env_reset         If set, ssuuddoo will run the command in a minimal
                        environment containing the TERM, PATH, HOME, MAIL,
diff --git a/doc/visudo.cat b/doc/visudo.cat
index 8fe044496..1260ca8f9 100644
--- a/doc/visudo.cat
+++ b/doc/visudo.cat
@@ -50,7 +50,7 @@ DDEESSCCRRIIPPTTIIOONN
                enabled, the SUDO_EDITOR, VISUAL and/or EDITOR environment
                variables must be present in the _e_n_v___k_e_e_p list for the
                _e_n_v___e_d_i_t_o_r flag to function when vviissuuddoo is invoked via ssuuddoo.
-               The default value is _o_f_f, which can be set at compile time via
+               The default value is _o_n, which can be set at compile time via
                the --with-env-editor configure option.
 
      The options are as follows: