Package: sudo Version: 1.6.8p12-4 Severity: normal
There is a typo error in the manpage of visudo. The variable enveditor should be listed as env_editor like it is in the sudoers manpage. -- System Information: Debian Release: 4.0 APT prefers testing APT policy: (500, 'testing'), (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-3-686 Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8) Versions of packages sudo depends on: ii libc6 2.3.6.ds1-13 GNU C Library: Shared libraries ii libpam-modules 0.79-4 Pluggable Authentication Modules f ii libpam0g 0.79-4 Pluggable Authentication Modules l sudo recommends no packages. -- no debconf information
diff -Naur sudo-1.6.8p12/visudo.man.in sudo-1.6.8p12-diff/visudo.man.in --- sudo-1.6.8p12/visudo.man.in 2005-11-08 13:22:22.000000000 -0500 +++ sudo-1.6.8p12-diff/visudo.man.in 2007-04-12 10:08:46.000000000 -0400 @@ -170,7 +170,7 @@ \&\fBvisudo\fR does not honor the \f(CW\*(C`VISUAL\*(C'\fR or \f(CW\*(C`EDITOR\*(C'\fR environment variables unless they contain an editor in the aforementioned editors list. However, if \fBvisudo\fR is configured with the \fI\-\-with\-enveditor\fR -flag or the \fIenveditor\fR \f(CW\*(C`Default\*(C'\fR variable is set in \fIsudoers\fR, +flag or the \fIenv_editor\fR \f(CW\*(C`Default\*(C'\fR variable is set in \fIsudoers\fR, \&\fBvisudo\fR will use any the editor defines by \f(CW\*(C`VISUAL\*(C'\fR or \f(CW\*(C`EDITOR\*(C'\fR. Note that this can be a security hole since it allows the user to execute any program they wish simply by setting \f(CW\*(C`VISUAL\*(C'\fR or \f(CW\*(C`EDITOR\*(C'\fR.