From c6d8ea8afbc30f2ebf0b187e0280430fb65be530 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Mon, 6 Sep 2004 16:18:54 +0000 Subject: [PATCH] Talk about how the editor must write its changes to the original file and not just use rename(2). --- sudo.pod | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/sudo.pod b/sudo.pod index 007974c57..e5796b9eb 100644 --- a/sudo.pod +++ b/sudo.pod @@ -194,6 +194,11 @@ B is unable to update a file with its edited version, the user will receive a warning and the edited copy will remain in a temporary file. +Please note that the editor used must make its changes to the +original file (really the original inode). If the editor makes +changes to a temporary file and then just renames this to the +original file name it will not work with B. + =item -h The B<-h> (I) option causes B to print a usage message and exit. @@ -478,10 +483,9 @@ If users have sudo C there is nothing to prevent them from creating their own program that gives them a root shell regardless of any '!' elements in the user specification. -Running shell scripts via B can expose the same kernel bugs -that make setuid shell scripts unsafe on some operating systems -(if your OS supports the /dev/fd/ directory, setuid shell scripts -are generally safe). +Running shell scripts via B can expose the same kernel bugs that +make setuid shell scripts unsafe on some operating systems (if your OS +has a /dev/fd/ directory, setuid shell scripts are generally safe). =head1 SEE ALSO -- 2.40.0
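Review bot: in the hunk at @@ -194,6 +194,11 @@, the new paragraph ends with "it will not work" without saying what the user will see when the editor renames instead of writing in place. The context sentence just above already describes a warning and an edited copy left in a temporary file, so it is unclear whether that same warning appears here or the changes are dropped silently; state which. "Temporary file" in the added text also means the editor's own scratch file, while the context line above uses the same words for the copy left behind on failure, so a different phrase such as "a scratch file of its own" would prevent confusion. The commit subject names rename(2) but the added text only says "just renames"; citing rename(2) in the paragraph would keep the two consistent, and the parenthetical "(really the original inode)" would read better as a plain statement that the file's inode must not change.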
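Review bot: in the hunk at @@ -478,10 +483,9 @@, the rewrap of the setuid shell script paragraph hides a wording change, "supports the /dev/fd/ directory" becoming "has a /dev/fd/ directory", and neither is mentioned in the commit subject, which is only about the editor and rename(2). Because four lines are removed and three added, a reader of the diff has to compare them word by word to find the one substantive edit. Put the reflow and the rewording in a separate commit, or at least note them in the message. Also consider whether "has a /dev/fd/ directory" is the intended claim, since it reads as a test for the directory merely existing, where the earlier wording tied the safety statement to the operating system supporting it.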