From a193f39c83db0f0430ee49104d8a36d2905b3a59 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Thu, 20 Jun 2019 10:11:26 -0600 Subject: [PATCH] Modern visudo locks the actual sudoers file, not the sudoers.tmp file. Refer to sudoers.tmp as a temporary file, not a lock file. Reported by Sander Bos --- doc/visudo.cat | 22 +++++++++++----------- doc/visudo.man.in | 15 +++++++-------- doc/visudo.mdoc.in | 15 +++++++-------- 3 files changed, 25 insertions(+), 27 deletions(-) diff --git a/doc/visudo.cat b/doc/visudo.cat index 6af90663f..fe3be5260 100644 --- a/doc/visudo.cat +++ b/doc/visudo.cat @@ -9,9 +9,9 @@ SSYYNNOOPPSSIISS DDEESSCCRRIIPPTTIIOONN vviissuuddoo edits the _s_u_d_o_e_r_s file in a safe fashion, analogous to vipw(1m). vviissuuddoo locks the _s_u_d_o_e_r_s file against multiple simultaneous edits, - provides basic sanity checks, and checks for parse errors. If the - _s_u_d_o_e_r_s file is currently being edited you will receive a message to try - again later. + provides basic sanity checks, and checks for parse errors before + installing the edited file. If the _s_u_d_o_e_r_s file is currently being + edited you will receive a message to try again later. vviissuuddoo parses the _s_u_d_o_e_r_s file after editing and will not save the changes if there is a syntax error. Upon finding an error, vviissuuddoo will 
@@ -90,11 +90,11 @@ DDEESSCCRRIIPPTTIIOONN Print the vviissuuddoo and _s_u_d_o_e_r_s grammar versions and exit. A _s_u_d_o_e_r_s file may be specified instead of the default, _/_e_t_c_/_s_u_d_o_e_r_s. - The lock file used is the specified _s_u_d_o_e_r_s file with ".tmp" appended to - it. In _c_h_e_c_k_-_o_n_l_y mode only, `-' may be used to indicate that _s_u_d_o_e_r_s - will be read from the standard input. Because the policy is evaluated in - its entirety, it is not sufficient to check an individual _s_u_d_o_e_r_s include - file for syntax errors. + The temporary file used is the specified _s_u_d_o_e_r_s file with ".tmp" + appended to it. In _c_h_e_c_k_-_o_n_l_y mode only, `-' may be used to indicate + that _s_u_d_o_e_r_s will be read from the standard input. Because the policy is + evaluated in its entirety, it is not sufficient to check an individual + _s_u_d_o_e_r_s include file for syntax errors. DDeebbuuggggiinngg aanndd ssuuddooeerrss pplluuggiinn aarrgguummeennttss vviissuuddoo versions 1.8.4 and higher support a flexible debugging framework @@ -147,7 +147,7 @@ FFIILLEESS _/_e_t_c_/_s_u_d_o_e_r_s List of who can run what - _/_e_t_c_/_s_u_d_o_e_r_s_._t_m_p Lock file for visudo + _/_e_t_c_/_s_u_d_o_e_r_s_._t_m_p Default temporary file used by visudo DDIIAAGGNNOOSSTTIICCSS In addition to reporting _s_u_d_o_e_r_s parse errors, vviissuuddoo may produce the @@ -156,7 +156,7 @@ DDIIAAGGNNOOSSTTIICCSS sudoers file busy, try again later. Someone else is currently editing the _s_u_d_o_e_r_s file. - /etc/sudoers.tmp: Permission denied + /etc/sudoers: Permission denied You didn't run vviissuuddoo as root. you do not exist in the passwd database @@ -223,4 +223,4 @@ DDIISSCCLLAAIIMMEERR file distributed with ssuuddoo or https://www.sudo.ws/license.html for complete details. -Sudo 1.8.28 December 24, 2018 Sudo 1.8.28 +Sudo 1.8.28 June 20, 2019 Sudo 1.8.28 diff --git a/doc/visudo.man.in b/doc/visudo.man.in index cfb010248..746754cf7 100644 --- a/doc/visudo.man.in 
+++ b/doc/visudo.man.in @@ -2,7 +2,7 @@ .\" .\" SPDX-License-Identifier: ISC .\" -.\" Copyright (c) 1996,1998-2005, 2007-2018 +.\" Copyright (c) 1996,1998-2005, 2007-2019 .\" Todd C. Miller .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -21,7 +21,7 @@ .\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" -.TH "VISUDO" "@mansectsu@" "December 24, 2018" "Sudo @PACKAGE_VERSION@" "System Manager's Manual" +.TH "VISUDO" "@mansectsu@" "June 20, 2019" "Sudo @PACKAGE_VERSION@" "System Manager's Manual" .nh .if n .ad l .SH "NAME" @@ -42,7 +42,7 @@ vipw(@mansectsu@). locks the \fIsudoers\fR file against multiple simultaneous edits, provides basic sanity checks, -and checks for parse errors. +and checks for parse errors before installing the edited file. If the \fIsudoers\fR file is currently being edited you will receive a message to try again later. @@ -72,8 +72,7 @@ option should be used with extreme caution because if \fBvisudo\fR believes there to be a parse error, so will \fBsudo\fR -and no one -will be able to run +and no one will be able to run \fBsudo\fR again until the error is fixed. If @@ -238,7 +237,7 @@ A \fIsudoers\fR file may be specified instead of the default, \fI@sysconfdir@/sudoers\fR. -The lock file used is the specified +The temporary file used is the specified \fIsudoers\fR file with \(lq\.tmp\(rq @@ -352,7 +351,7 @@ Sudo front end configuration List of who can run what .TP 26n \fI@sysconfdir@/sudoers.tmp\fR -Lock file for visudo +Default temporary file used by visudo .SH "DIAGNOSTICS" In addition to reporting \fIsudoers\fR @@ -365,7 +364,7 @@ Someone else is currently editing the \fIsudoers\fR file. .TP 6n -\fR@sysconfdir@/sudoers.tmp: Permission denied\fR +\fR@sysconfdir@/sudoers: Permission denied\fR You didn't run \fBvisudo\fR as root. diff --git a/doc/visudo.mdoc.in b/doc/visudo.mdoc.in index 41625ac01..a9dc8ec1d 100644 
--- a/doc/visudo.mdoc.in +++ b/doc/visudo.mdoc.in @@ -1,7 +1,7 @@ .\" .\" SPDX-License-Identifier: ISC .\" -.\" Copyright (c) 1996,1998-2005, 2007-2018 +.\" Copyright (c) 1996,1998-2005, 2007-2019 .\" Todd C. Miller .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -20,7 +20,7 @@ .\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" -.Dd December 24, 2018 +.Dd June 20, 2019 .Dt VISUDO @mansectsu@ .Os Sudo @PACKAGE_VERSION@ .Sh NAME @@ -40,7 +40,7 @@ file in a safe fashion, analogous to locks the .Em sudoers file against multiple simultaneous edits, provides basic sanity checks, -and checks for parse errors. +and checks for parse errors before installing the edited file. If the .Em sudoers file is currently being edited you will receive a message to try again later. @@ -70,8 +70,7 @@ option should be used with extreme caution because if .Nm believes there to be a parse error, so will .Nm sudo -and no one -will be able to run +and no one will be able to run .Nm sudo again until the error is fixed. If @@ -232,7 +231,7 @@ A .Em sudoers file may be specified instead of the default, .Pa @sysconfdir@/sudoers . -The lock file used is the specified +The temporary file used is the specified .Em sudoers file with .Dq \.tmp @@ -338,7 +337,7 @@ Sudo front end configuration .It Pa @sysconfdir@/sudoers List of who can run what .It Pa @sysconfdir@/sudoers.tmp -Lock file for visudo +Default temporary file used by visudo .El .Sh DIAGNOSTICS In addition to reporting @@ -351,7 +350,7 @@ may produce the following messages: Someone else is currently editing the .Em sudoers file. -.It Li @sysconfdir@/sudoers.tmp: Permission denied +.It Li @sysconfdir@/sudoers: Permission denied You didn't run .Nm as root. -- 2.40.0
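Review bot: Missing documentation in the hunks that reword "The lock file used is the specified sudoers file" to "The temporary file used is the specified sudoers file" (doc/visudo.cat @@ -90,11, doc/visudo.man.in @@ -238,7, doc/visudo.mdoc.in @@ -232,7): after the rewording, the paragraph about a user-specified sudoers file no longer says which file is locked. The commit subject states that visudo locks the actual sudoers file, so a sentence here saying that the lock is taken on the specified sudoers file itself, and that the ".tmp" file is only the working copy, would keep that fact in the manual rather than only in the commit log.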
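Review bot: The DIAGNOSTICS entry changed to "/etc/sudoers: Permission denied" (doc/visudo.cat @@ -156,7, and the matching "@sysconfdir@/sudoers: Permission denied" lines in doc/visudo.man.in @@ -365,7 and doc/visudo.mdoc.in @@ -351,7) drops the sudoers.tmp form of the message entirely, while the same patch still documents sudoers.tmp as a temporary file that visudo uses. If creating or writing that temporary file can still fail with a permission error, keep an entry for it or say that the path in the message may be either file; if it cannot, a line in the commit message saying so would let a reader who sees the old message in logs know it comes from an older visudo.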
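Review bot: Unrelated reflow in doc/visudo.man.in @@ -72,8 +72,7 and doc/visudo.mdoc.in @@ -70,8 +70,7: these hunks only join "and no one" and "will be able to run" onto one line, which has nothing to do with the lock file versus temporary file wording named in the subject. Consider moving the reflow (and the copyright year bump in the first hunk of each file) to a separate commit, or mention them in the commit message, so the diff for the documentation correction contains only the wording that changed meaning.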