Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-23686

sudo cannot spawn "vi" command when NOEXEC is specified

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Won't Do
    • Icon: Undefined Undefined
    • None
    • rhel-9.3.0
    • vim
    • None
    • Yes
    • Moderate
    • Regression
    • rhel-sst-cs-stacks
    • ssg_core_services
    • None
    • False
    • Hide

      None

      Show
      None
    • None
    • Red Hat Enterprise Linux
    • None
    • None
    • None
    • All
    • None

      What were you trying to do that didn't work?

      Customers are used to prevent shell execution from vi through using the following sudo stanzas, e.g.:

      Cmnd_Alias VIM = /usr/bin/vim,/bin/vi,/usr/libexec/vi,/usr/bin/vi
admin	ALL = NOPASSWD:NOEXEC:VIM

      Until RHEL9 this was working fine, but now it fails because /usr/bin/vi is now a shell script which internally selects the best binary.
      This leads to getting the following error and vi not spawning at all:

      [admin@vm-rhel9 ~]$ sudo vi
/usr/bin/vi: line 19: /usr/bin/vim: Permission denied
/usr/bin/vi: line 19: /usr/bin/vim: Success

      Please provide the package NVR for which bug is seen:

      vim-minimal-8.2.2637-20.el9_1

      How reproducible:

      Always, see above

              zdohnal@redhat.com Zdenek Dohnal
              rhn-support-rmetrich Renaud Métrich
              Zdenek Dohnal Zdenek Dohnal
              Frantisek Hrdina Frantisek Hrdina
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: