From: Todd C. Miller Date: Mon, 6 Sep 2004 16:18:54 +0000 (+0000) Subject: Talk about how the editor must write its changes to the original file and X-Git-Tag: SUDO_1_6_8p1~41 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=c6d8ea8afbc30f2ebf0b187e0280430fb65be530;p=sudo Talk about how the editor must write its changes to the original file and not just use rename(2). --- diff --git a/sudo.pod b/sudo.pod index 007974c57..e5796b9eb 100644 --- a/sudo.pod +++ b/sudo.pod @@ -194,6 +194,11 @@ B is unable to update a file with its edited version, the user will receive a warning and the edited copy will remain in a temporary file. +Please note that the editor used must make its changes to the +original file (really the original inode). If the editor makes +changes to a temporary file and then just renames this to the +original file name it will not work with B. + =item -h The B<-h> (I) option causes B to print a usage message and exit. @@ -478,10 +483,9 @@ If users have sudo C there is nothing to prevent them from creating their own program that gives them a root shell regardless of any '!' elements in the user specification. -Running shell scripts via B can expose the same kernel bugs -that make setuid shell scripts unsafe on some operating systems -(if your OS supports the /dev/fd/ directory, setuid shell scripts -are generally safe). +Running shell scripts via B can expose the same kernel bugs that +make setuid shell scripts unsafe on some operating systems (if your OS +has a /dev/fd/ directory, setuid shell scripts are generally safe). =head1 SEE ALSO
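Review bot: In the first hunk (sudo.pod, @@ -194), "the original file" in the added paragraph is ambiguous. The preceding context talks about "the edited copy" that remains in a temporary file, so a reader cannot tell whether "original" means the file the user asked to edit or the temporary copy handed to the editor. Suggest naming the file explicitly, and replacing "it will not work" with what the user actually observes, for example whether the warning described just above is shown or the changes are dropped without notice. Minor wording: "renames this to the original file name" reads better as "renames it to the original file name".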
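Review bot: In the second hunk (sudo.pod, @@ -478), the reworded parenthetical still only says that "setuid shell scripts are generally safe" when the OS has a /dev/fd/ directory, and leaves the reader to infer that the same holds for shell scripts run through sudo, which is the subject of the sentence. Suggest stating that conclusion directly. The wording change from "supports the /dev/fd/ directory" to "has a /dev/fd/ directory" is also mixed with a reflow of the whole paragraph and is not mentioned in the commit message, which only describes the editor note; consider splitting it out or mentioning it in the log.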