RHEL-143726 sudo not able to spawn "vi" command when NOEXEC is used to prevent escaping to shell

Resolves: RHEL-143726

vi_wrapper

@@ -1,23 +0,0 @@
-#!/usr/bin/sh
-
-# run vim if:
-# - 'vi' command is used and 'vim' binary is available
-# - 'vim' command is used
-# NOTE: Set up a local alias if you want vim -> vi functionality. We will not
-# do it globally, because it messes up with available startup options (see 
-# ':help starting', 'vi' is not capable of '-d'). The introducing an environment
-# variable, which an user must set to get the feature, will do the same trick
-# as setting an alias (needs user input, does not work with sudo), so it is left
-# on user whether he decides to use an alias:
-#
-# alias vim=vi
-#
-# in bashrc file.
-
-if test -f /usr/bin/vim
-then
-  exec /usr/bin/vim "$@"
-fi
-
-# run vi otherwise
-exec /usr/libexec/vi "$@"

view_wrapper

@@ -7,4 +7,4 @@ then
 fi
 
 # run vi otherwise
-exec /usr/libexec/vi -R "$@"
+exec /usr/bin/vi -R "$@"

vim.spec

@@ -27,7 +27,7 @@ Summary: The VIM editor
 URL:     http://www.vim.org/
 Name: vim
 Version: %{baseversion}.%{patchlevel}
-Release: 23%{?dist}
+Release: 24%{?dist}
 License: Vim and MIT
 Source0: ftp://ftp.vim.org/pub/vim/unix/vim-%{baseversion}-%{patchlevel}.tar.bz2
 Source1: virc
@@ -42,7 +42,6 @@ Source9: vim-default-editor.sh
 Source10: vim-default-editor.csh
 Source11: vim-default-editor.fish
 Source12: view_wrapper
-Source13: vi_wrapper
 
 %if %{withvimspell}
 Source100: vim-spell-files.tar.bz2
@@ -539,17 +538,13 @@ cd src
 # and put the stripped files into correct dirs. Build system (koji/brew) 
 # does it for us, so there is no need to do it in Vim
 %make_install BINDIR=%{_bindir} VIMRCLOC=/etc VIMRUNTIMEDIR=/usr/share/vim/%{vimdir} STRIP=/bin/true
-# make install creates vim binary and view symlink, they will be wrappers
-# so remove them here
-%{_bindir}/rm -f %{buildroot}%{_bindir}/{vim,view}
+
 make installgtutorbin  DESTDIR=%{buildroot} BINDIR=%{_bindir} VIMRCLOC=/etc VIMRUNTIMEDIR=/usr/share/vim/%{vimdir}
 mkdir -p %{buildroot}%{_datadir}/icons/hicolor/{16x16,32x32,48x48,64x64}/apps
-mkdir -p %{buildroot}%{_libexecdir}
-install -m755 minimal-vim %{buildroot}%{_libexecdir}/vi
+install -m755 minimal-vim %{buildroot}%{_bindir}/vi
 install -m755 enhanced-vim %{buildroot}%{_bindir}/vim
 install -m755 gvim %{buildroot}%{_bindir}/gvim
 install -m755 %{SOURCE12} %{buildroot}%{_bindir}/view
-install -m755 %{SOURCE13} %{buildroot}%{_bindir}/vi
 install -p -m644 %{SOURCE3} \
    %{buildroot}%{_datadir}/icons/hicolor/16x16/apps/gvim.png
 install -p -m644 %{SOURCE4} \
@@ -603,9 +598,9 @@ SentUpstream: 2014-05-22
 EOF
 
 ( cd %{buildroot}
-  ln -sf %{_libexecdir}/vi .%{_bindir}/rvi
-  ln -sf %{_libexecdir}/vi .%{_bindir}/rview
-  ln -sf %{_libexecdir}/vi .%{_bindir}/ex
+  ln -sf %{_bindir}/vi .%{_bindir}/rvi
+  ln -sf %{_bindir}/vi .%{_bindir}/rview
+  ln -sf %{_bindir}/vi .%{_bindir}/ex
   ln -sf %{_bindir}/vim .%{_bindir}/rvim
   ln -sf %{_bindir}/vim .%{_bindir}/vimdiff
   perl -pi -e "s,%{buildroot},," .%{_mandir}/man1/vim.1 .%{_mandir}/man1/vimtutor.1
@@ -883,7 +878,6 @@ touch %{buildroot}/%{_datadir}/%{name}/vimfiles/doc/tags
 %{_bindir}/rview
 %{_bindir}/vi
 %{_bindir}/view
-%{_libexecdir}/vi
 %{_mandir}/man1/vi.*
 %{_mandir}/man1/ex.*
 %{_mandir}/man1/rvi.*
@@ -953,6 +947,9 @@ touch %{buildroot}/%{_datadir}/%{name}/vimfiles/doc/tags
 %endif
 
 %changelog
+* Mon Feb 02 2026 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.2.2637-24
+- RHEL-143726 sudo not able to spawn "vi" command when NOEXEC is used to prevent escaping to shell
+
 * Wed Sep 17 2025 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.2.2637-23
 - RHEL-112005 CVE-2025-53905 vim: Vim path traversial
 - RHEL-112009 CVE-2025-53906 vim: Vim path traversal