TCLUG Archive
secure text editor
We have the dubious necessity of letting certain users edit system config
files using sudo. Unfortunately, this opens up several security holes --
for one there is the simple shell escape. vim fortunately allows you to fix
this using rvim. The other hole that has me worried is this: say I open up
a named zone file: sudo /usr/local/bin/rvim /usr/local/named/xxx.hosts. I
can then, now that I am effectively root, delete the contents of this
file, write a new, say, inetd.conf and execute a :w /etc/inetd.conf, and I
have overwritten inetd.conf while making sudo think I'm editing a zone
file. Does anyone know of a secure, preferably vi-like
text-editor? Thanks --
~Dan D.
__________________________________________________________________________
-- The belief that enhanced understanding will necessarily stir a
-- nation to action is one of mankind's oldest illusions.
++ Daniel M. Debertin
++ Systems Administrator
++ Router Geek
++ danield@bitstream.net
++ Bitstream Underground, Inc.
++ (612) 321-9290
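
Added example, not part of the original post: the sudoers rule that produces the hole described above, next to a rule using sudo's built-in sudoedit mode, which keeps the editor process unprivileged. The user name "dnsadmin" is a placeholder; the file and editor paths are the ones from the message.

```sudoers
# Constructed example. "dnsadmin" is a placeholder user name.

# Weak: rvim itself runs as root. The path in the rule only restricts how
# the editor is started, not what it writes afterwards, so
# ":w /etc/inetd.conf" from inside the session succeeds.
dnsadmin ALL = (root) /usr/local/bin/rvim /usr/local/named/xxx.hosts

# Corrected: sudoedit (the same as "sudo -e") copies the listed file to a
# temporary file owned by the invoking user, runs the editor as that user
# on the copy, and then copies the result back over the listed file only.
# The editor never holds root, so ":w /etc/inetd.conf" fails with the
# user's own permissions, and a shell escape yields an unprivileged shell.
dnsadmin ALL = (root) sudoedit /usr/local/named/xxx.hosts

# Invoked by the user as:
#   sudoedit /usr/local/named/xxx.hosts
# The editor is taken from SUDO_EDITOR, VISUAL or EDITOR in the user's
# environment, so any vi-like editor can be used.
```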