Bugzilla – Bug 990
feature request: make sudo -e preserve filename by creating directory in /tmp with a random filename
Last modified: 2021-08-22 06:21:49 MDT
Most of the file editors determine the syntax highlighting type needed for the file based on its extension. sudo -e does not preserve the extension of the file, so file editors highlight the file as plain text even if it's in fact source code. This is quite trivial to implement: find the filename's extension (simple strrchr) and concatenate it to the temporary filename generated. However, I did not consider any security concerns. Please make sure that this does not violate the security of the tool.
It should already be doing that since version 1.8.13 at least. Sudoedit uses the mkstemps() function to create the temporary file and does exactly what you propose. See the sudo_edit_mktemp() function in src/sudo_edit.c where it calls strrchr(base, '.') when constructing the temporary file template. I just verified that this is working as expected. Can you give an example where the file extension is not preserved?
Oops, I'm sorry. Yes, it does preserve the file extension. I did not fact-check my hypothesis well enough. That's awkward. However, obviously, it does not preserve the filename - and that turns out to be the case of failures of some autocompletion & syntax highlighting scripts. I previously thought those were failing because of wrong file extension. So, I propose another change (I will update the issue title soon): create a temporary directory with random name, then edit the file with the same filename inside of that directory. It definitely requires some extra code and things to figure out (ownership of that directory), but it allows some more collisions and it's not a big problem if a directory already exists. Again, I'm sorry for my mistake with filename extension.