1

I executed these two commands:

export VISUAL=/usr/bin/vim
export EDITOR=/usr/bin/vim

And I checked if they were correctly updated by env. But I get a strange editor when I run sudo visudo.

Though I do not know the editor, at the bottom of the console it says this:

-----Mg: sudoers.tmp                  (fundamental)----Top------------------
(Read 29 lines)

This editor is useless because I cannot move the cursor. What I can do is to close the console.

What makes this weird editor run? What command should I execute to change editors?

Anthony Geoghegan
  • 11,533
  • 5
  • 49
  • 56
jun
  • 27
  • 4

2 Answers2

2

From :man visudo (second paragraph):

There is a hard-coded list of one or more editors that visudo will use set at compile-time that may be overridden via the editor sudoers Default variable. This list defaults to /usr/local/bin/vi. Normally, visudo does not honor the VISUAL or EDITOR environment variables unless they contain an editor in the aforementioned editors list. However, if visudo is configured with the --with-env-editor option or the env_editor Default variable is set in sudoers, visudo will use any the editor defines by VISUAL or EDITOR. Note that this can be a security hole since it allows the user to execute any program they wish simply by setting VISUAL or EDITOR.

So, to configure another editor, you need to change the /etc/sudoers configuration and add for example a Defaults editor /usr/bin/vim line.

The strange this is that Vim should be the default editor already?! Based on your output, that may be from Vim (with corrupted terminal), or another editor (you could check the process tree).

Ingo Karkat
  • 167,457
  • 16
  • 250
  • 324
  • I forgot to look at man visudo though I read man pages of sudo and sudoers. Thank you. However, why can setting VISUAL or EDITOR be a security hole? If you have an idea, could you explain it? – jun Dec 15 '14 at 14:55
  • sudo can be limited to allow only execution of certain commands. If such a sudo-limited user can manipulate the EDITOR variable, that restriction could be circumvented. Note that since Vim can execute external shell commands, that's critical, too. But there at least it has to be explicitly typed by the user, not silently injected via an invisible environment variable. – Ingo Karkat Dec 15 '14 at 15:08
  • 2
    Thank you so much! It's convincing. Finally, I wrote "Defaults editor=/usr/bin/vim" on sudoers. – jun Dec 16 '14 at 03:50
1

It's an emacs-like editor called mg and you can/should read its man page, $ man mg, to know how it works.

As for how and why it became your default editor… you should take a look at your init files.

romainl
  • 186,200
  • 21
  • 280
  • 313