Bug 33

Summary: Possible Bug on sudo + vi
Product: Sudo Reporter: fabio
Component: SudoAssignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED FIXED    
Severity: normal    
Priority: normal    
Version: 1.6.3   
Hardware: PC   
OS: Linux   

Description fabio 2001-04-11 15:03:33 MDT 
When I make sudo vi, then you type :sh to go to shell you gain root access.
Comment 1 Todd C. Miller 2001-04-11 15:16:59 MDT 
This is not a bug in sudo, it is a problem with giving a user access to programs
that allow shell escapes (vi is just one of many).  If you need to give access
to an editor you should use one that has a "secure" mode that disallows running
external commands.  Both nvi and vim have ways to do this.  To quote from the
sudo(8) man page "There is no easy way to prevent a user from gaining a root
shell if that user has access to commands allowing shell escapes."