From a87691e37b134fc75052805031642082de4e91f8 Mon Sep 17 00:00:00 2001 From: Zdenek Dohnal Date: Wed, 4 Feb 2026 09:55:17 +0100 Subject: [PATCH] RHEL-143726 sudo not able to spawn "vi" command when NOEXEC is used to prevent escaping to shell Resolves: RHEL-143726 --- vi_wrapper | 23 ----------------------- view_wrapper | 2 +- vim.spec | 21 +++++++++------------ 3 files changed, 10 insertions(+), 36 deletions(-) delete mode 100644 vi_wrapper diff --git a/vi_wrapper b/vi_wrapper deleted file mode 100644 index 1bb1aece..00000000 --- a/vi_wrapper +++ /dev/null @@ -1,23 +0,0 @@ -#!/usr/bin/sh - -# run vim if: -# - 'vi' command is used and 'vim' binary is available -# - 'vim' command is used -# NOTE: Set up a local alias if you want vim -> vi functionality. We will not -# do it globally, because it messes up with available startup options (see -# ':help starting', 'vi' is not capable of '-d'). The introducing an environment -# variable, which an user must set to get the feature, will do the same trick -# as setting an alias (needs user input, does not work with sudo), so it is left -# on user whether he decides to use an alias: -# -# alias vim=vi -# -# in bashrc file. - -if test -f /usr/bin/vim -then - exec /usr/bin/vim "$@" -fi - -# run vi otherwise -exec /usr/libexec/vi "$@" diff --git a/view_wrapper b/view_wrapper index 9e8d7207..a0b24c9d 100644 --- a/view_wrapper +++ b/view_wrapper @@ -7,4 +7,4 @@ then fi # run vi otherwise -exec /usr/libexec/vi -R "$@" +exec /usr/bin/vi -R "$@" diff --git a/vim.spec b/vim.spec index 94f91c46..e8033341 100644 --- a/vim.spec +++ b/vim.spec @@ -27,7 +27,7 @@ Summary: The VIM editor URL: http://www.vim.org/ Name: vim Version: %{baseversion}.%{patchlevel} -Release: 23%{?dist} +Release: 24%{?dist} License: Vim and MIT Source0: ftp://ftp.vim.org/pub/vim/unix/vim-%{baseversion}-%{patchlevel}.tar.bz2 Source1: virc @@ -42,7 +42,6 @@ Source9: vim-default-editor.sh Source10: vim-default-editor.csh Source11: vim-default-editor.fish Source12: view_wrapper -Source13: vi_wrapper %if %{withvimspell} Source100: vim-spell-files.tar.bz2 @@ -539,17 +538,13 @@ cd src # and put the stripped files into correct dirs. Build system (koji/brew) # does it for us, so there is no need to do it in Vim %make_install BINDIR=%{_bindir} VIMRCLOC=/etc VIMRUNTIMEDIR=/usr/share/vim/%{vimdir} STRIP=/bin/true -# make install creates vim binary and view symlink, they will be wrappers -# so remove them here -%{_bindir}/rm -f %{buildroot}%{_bindir}/{vim,view} + make installgtutorbin DESTDIR=%{buildroot} BINDIR=%{_bindir} VIMRCLOC=/etc VIMRUNTIMEDIR=/usr/share/vim/%{vimdir} mkdir -p %{buildroot}%{_datadir}/icons/hicolor/{16x16,32x32,48x48,64x64}/apps -mkdir -p %{buildroot}%{_libexecdir} -install -m755 minimal-vim %{buildroot}%{_libexecdir}/vi +install -m755 minimal-vim %{buildroot}%{_bindir}/vi install -m755 enhanced-vim %{buildroot}%{_bindir}/vim install -m755 gvim %{buildroot}%{_bindir}/gvim install -m755 %{SOURCE12} %{buildroot}%{_bindir}/view -install -m755 %{SOURCE13} %{buildroot}%{_bindir}/vi install -p -m644 %{SOURCE3} \ %{buildroot}%{_datadir}/icons/hicolor/16x16/apps/gvim.png install -p -m644 %{SOURCE4} \ @@ -603,9 +598,9 @@ SentUpstream: 2014-05-22 EOF ( cd %{buildroot} - ln -sf %{_libexecdir}/vi .%{_bindir}/rvi - ln -sf %{_libexecdir}/vi .%{_bindir}/rview - ln -sf %{_libexecdir}/vi .%{_bindir}/ex + ln -sf %{_bindir}/vi .%{_bindir}/rvi + ln -sf %{_bindir}/vi .%{_bindir}/rview + ln -sf %{_bindir}/vi .%{_bindir}/ex ln -sf %{_bindir}/vim .%{_bindir}/rvim ln -sf %{_bindir}/vim .%{_bindir}/vimdiff perl -pi -e "s,%{buildroot},," .%{_mandir}/man1/vim.1 .%{_mandir}/man1/vimtutor.1 @@ -883,7 +878,6 @@ touch %{buildroot}/%{_datadir}/%{name}/vimfiles/doc/tags %{_bindir}/rview %{_bindir}/vi %{_bindir}/view -%{_libexecdir}/vi %{_mandir}/man1/vi.* %{_mandir}/man1/ex.* %{_mandir}/man1/rvi.* @@ -953,6 +947,9 @@ touch %{buildroot}/%{_datadir}/%{name}/vimfiles/doc/tags %endif %changelog +* Mon Feb 02 2026 Zdenek Dohnal - 2:8.2.2637-24 +- RHEL-143726 sudo not able to spawn "vi" command when NOEXEC is used to prevent escaping to shell + * Wed Sep 17 2025 Zdenek Dohnal - 2:8.2.2637-23 - RHEL-112005 CVE-2025-53905 vim: Vim path traversial - RHEL-112009 CVE-2025-53906 vim: Vim path traversal