AFAIK, sudoedit gives a user, permission to edit a file that is owned and writable by root. It makes a copy of that file, the copy is owned by the user, and then it spawns a text editor with the privileges of the user. In this way, it avoids the dangers of running a text editor as root (shell escapes).

On the other hand, visudo also makes a copy of the sudoers file, however, that copy is owned by root and it spawns a text editor with root privileges. Also, on a Debian 12 system I tried, you can get a root shell from within visudo -- it spawns an instance of nano and via the Execute option in nano you can get a shell escape. For e.g. if you type cat /etc/shadow to Execute, it works.

Why does visudo spawn a text editor as root? Why can't it do what sudoedit does (make a copy owned by the user, spawn a text editor as the user)? Wouldn't that be more secure?

At least, shouldn't it block shell escapes from within the text editor that it spawns as root? Why doesn't it do that?

Thanks!

As far as I know, sudoedit gives a user permission to edit a file that is owned and writable by root. It makes a copy of that file, the copy is owned by the user, and then it spawns a text editor with the privileges of the user. In this way, it avoids the dangers of running a text editor as root (shell escapes).

On the other hand, visudo also makes a copy of the sudoers file. However, that copy is owned by root and it spawns a text editor with root privileges. Also, on a Debian 12 system I tried, you can get a root shell from within visudo: it spawns an instance of nano and via the Execute option in nano you can get a shell escape. For example, if you type cat /etc/shadow to Execute, it works.

Why does visudo spawn a text editor as root? Why can't it do what sudoedit does (make a copy owned by the user, spawn a text editor as the user)? Wouldn't that be more secure?

At least, shouldn't it block shell escapes from within the text editor that it spawns as root? Why doesn't it do that?