Removed the obsolete sed in sudo and added a note to use visudo to edit the sudoers file.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@5453 af4574ff-66df-0310-9fd7-8a98e5e911e0

general.ent

@@ -1,8 +1,8 @@
-<!ENTITY day          "20">
+<!ENTITY day          "21">
 <!ENTITY month        "12">
 <!ENTITY year         "2005">
 <!ENTITY version      "svn-&year;&month;&day;">
-<!ENTITY releasedate  "December &day;th, &year;">
+<!ENTITY releasedate  "December &day;st, &year;">
 <!ENTITY pubdate      "&year;-&month;-&day;"> <!-- metadata req. by TLDP -->
 <!ENTITY blfs-version "svn">                  <!-- svn|[release #] -->
 <!ENTITY lfs-version  "development">          <!-- version|stable|testing|unstable|development] -->

introduction/welcome/changelog.xml

@@ -40,6 +40,16 @@
     </listitem>
 
 -->
+    <listitem>
+      <para>December 21st, 2005</para>
+      <itemizedlist>
+        <listitem>
+          <para>[archaic] - Removed the obsolete sed in sudo and added a note to
+          use visudo to edit the sudoers file.</para>
+        </listitem>
+      </itemizedlist>
+    </listitem>
+
 
     <listitem>
       <para>December 20th, 2005</para>

postlfs/security/sudo.xml

@@ -83,8 +83,7 @@
     <para>Install <application>sudo</application> by running
     the following commands:</para>
 
-<screen><userinput>sed -i -e 's/CDPATH",/&amp;\n    "SHELLOPTS",\n    "PS4",/' env.c
+<screen><userinput>./configure --prefix=/usr --libexecdir=/usr/lib \
-./configure --prefix=/usr --libexecdir=/usr/lib \
     --enable-noargs-shell --with-ignore-dot --with-all-insults \
     --enable-shell-sets-home &amp;&amp;
 make</userinput></screen>
@@ -98,11 +97,6 @@ make</userinput></screen>
   <sect2 role="commands">
     <title>Command Explanations</title>
 
-    <para><command>sed -i -e 's/CDPATH",/&amp;\n    "SHELLOPTS",\n    "PS4",/'
-    env.c</command>:  This command adds two environment variables to a list of
-    variables to be excluded from the target environment.  It solves a
-    security problem.</para>
-
     <para><option>--enable-noargs-shell</option>: This switch allows
     <application>sudo</application> to run a shell if invoked with no
     arguments.</para>
@@ -159,6 +153,14 @@ ADMIN       ALL = NOPASSWD: ALL</screen>
 
       <para>For details, see <command>man sudoers</command>.</para>
 
+      <note>
+        <para>The <application>Sudo</application> developers highly recommend
+        using the <command>visudo</command> program to edit the
+        <filename>sudoers</filename> file. This will provide basic sanity
+        checking like syntax parsing and file permission to avoid some possible
+        mistakes that could lead to a vulnerable configuration.</para>
+      </note>
+
     </sect3>
 
   </sect2>
@@ -172,7 +174,7 @@ ADMIN       ALL = NOPASSWD: ALL</screen>
       <segtitle>Installed Directories</segtitle>
 
       <seglistitem>
-        <seg>sudo and sudoedit</seg>
+        <seg>sudo, sudoedit, and visudo</seg>
         <seg>sudo_noexec.so</seg>
         <seg>None</seg>
       </seglistitem>
@@ -207,6 +209,18 @@ ADMIN       ALL = NOPASSWD: ALL</screen>
         </listitem>
       </varlistentry>
 
+      <varlistentry id="visudo">
+        <term><command>visudo</command></term>
+        <listitem>
+          <para>allows for safer editing of the <filename>sudoers</filename>
+          file.</para>
+          <indexterm zone="sudo visudo">
+            <primary sortas="b-visudo">visudo</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+
+
       <varlistentry id="sudo_noexec">
         <term><filename class='libraryfile'>sudo_noexec.so</filename></term>
         <listitem>