Issue 2151 🛂 do not give users a root shell by executing arbitrary shell commands by 'vim' #2152

Merged
merged 1 commit into from
Aug 11, 2022


@thomasmerz (Contributor) commented Jul 18, 2022

Description

This PR fixes #2151 by removing 'sudo' aliases because bash-it should not be in the business of mucking about with sudo at all.

Initial purpose of this PR has changed and has been:
Use sudoedit instead of sudo vim which is a big security issue because users can get a root shell by executing arbitrary shell commands by vim!

Motivation and Context

Nobody wants to allow users to become root just because they can edit any file (which would also make them root by manipulating the "right" with the "right" commands).
Issue #2151 will be fixed by this PR.

How Has This Been Tested?

I have used sudoedit instead of sudo vim for some decades on different Linux distributions and also on MacOS 😁

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • My code follows the code style of this project.
  • If my change requires a change to the documentation, I have updated the documentation accordingly. - no change req'd.
  • I have read the CONTRIBUTING document.
  • If I have added a new file, I also added it to clean_files.txt and formatted it using lint_clean_files.sh. - no files added
  • I have added tests to cover my changes, and all the new and existing tests pass. - there's nothing to add.

@gaelicWizard (Contributor) left a comment

Mac OS X doesn't have a sudoedit by default (although it can be created by just symlinking sudo), so this will need some logic to cover that case.

@davidpfarrell (Contributor)

Fun Fact: TIL that Mac's sudo will honor sudoedit if invoked under that name, but OSX doesn't create the symlink by default:

Source: https://news.ycombinator.com/item?id=25962018

example

# Personal $HOME/bin folder already on my $PATH
$ cd ~/bin

# Create the symlink
$ ln -s /usr/bin/sudo sudoedit

# Test it out
$ sudoedit /etc/hosts
Password:

This prompted for password then invoked my configured $EDITOR (which is sublime 4)

I will actually be leaving this symlink in place as I plan to use it all the time :)

@cornfeedhobo (Member) commented Aug 10, 2022

Can we change this PR to simply remove the alias? I don't think this adds enough value to be in this codebase. If the user really wants this, they can modify their bash environment.

Maybe, maybe, if we made a dedicated sudo alias file or something, but please not in general.

@davidpfarrell (Contributor)

@davidpfarrell, I agree with @cornfeedhobo that we should remove these sudo commands at all. They are not really necessary or "helpful" at all… Do you agree so I can change my PR?

@thomasmerz, I think @cornfeedhobo has made a good case for just deleting the sudo aliases.
So yes, feel free to update this PR accordingly.

Thanks!

…ell commands by 'vim'

              also by removing 'sudo' aliases because bash-it should not be
              the business of mucking about with sudo at all
@thomasmerz (Contributor, Author) commented Aug 11, 2022

@gaelicWizard

Mac OS X doesn't have a sudoedit by default (although it can be created by just symlinking sudo), so this will need some logic to cover that case.

sudoedit (and all sudo "edit") has been removed now as requested by the majority of contributors/maintainer 👍🏼

@gaelicWizard gaelicWizard merged commit 5a62acd into Bash-it:master Aug 11, 2022
@thomasmerz thomasmerz deleted the issue_2151 branch August 12, 2022 07:30
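
As an added example (not part of this PR or of bash-it's code), a POSIX shell check that lists alias definitions which start an editor through sudo, the pattern this PR removes. The editor list, the function names and the sample alias lines are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not bash-it code: report aliases that run an editor through sudo.
# EDITORS and the sample alias lines further down are assumptions made for this example.

EDITORS='vi|vim|nvim|nano|emacs|pico'

# One POSIX ERE, read left to right:
#   alias NAME=                     an alias definition (commented-out lines do not match)
#   (.*[^[:alnum:]_./-])?sudo       sudo as its own word, so "pseudo" is skipped
#   ([[:space:]]+-[^[:space:]]+)*   simple flags such as -E (flags that take a value are not handled)
#   [[:space:]]+ (/.../)? editor    the program started as root; "sudoedit" has no space and is skipped
RISKY_ALIAS_RE='^[[:space:]]*alias[[:space:]]+[^=[:space:]]+=(.*[^[:alnum:]_./-])?sudo([[:space:]]+-[^[:space:]]+)*[[:space:]]+(/[^[:space:]]*/)?('"$EDITORS"'|[$][{]?(EDITOR|VISUAL)[}]?)([^[:alnum:]_.-]|$)'

# find_sudo_editor_aliases FILE...
# Prints one "file:line:alias_name" record per matching alias.
find_sudo_editor_aliases() {
  for f in "$@"; do
    [ -r "$f" ] || continue
    grep -nE "$RISKY_ALIAS_RE" "$f" |
      sed -E 's/^([0-9]+):[[:space:]]*alias[[:space:]]+([^=[:space:]]+)=.*/\1:\2/' |
      while IFS= read -r hit; do printf '%s:%s\n' "$f" "$hit"; done
  done
}

# Constructed sample input, written to a file so the script runs offline.
write_sample_aliases() {
  cat > "$1" <<'EOF'
alias svim='sudo vim'
alias _='sudo'
alias sv="sudo -E $EDITOR"
# alias old='sudo nano'
alias vimrc='vim ~/.vimrc'
alias snano='sudo /usr/bin/nano'
alias vcheck='sudo visudo -c'
alias se='sudoedit'
EOF
}

sample=$(mktemp)
write_sample_aliases "$sample"
find_sudo_editor_aliases "$sample"   # reports lines 1, 3 and 6 of the sample
rm -f "$sample"
```

Point it at your own alias files (for example `find_sudo_editor_aliases ~/.bashrc ~/.bash_aliases`) to see which definitions to replace with `sudoedit` or delete.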

Successfully merging this pull request may close these issues.

Do not use "sudo" with vim for security reasons