As I read http://www.securityfocus.com/bid/13171/discussion/ , which has been assigned CVE id CAN-2005-1119, this is a security hole because visodo is not limited to editing /etc/sudoers. With the -f switch, it can be made to edit some other file; if that other file is in a directory to which an attacker has write access, they can overwrite arbitrary files via a symlink attack.
Still fairly theoretical, but I wanted to note that this is CAN-2005-1119 .. -- see shy jo
signature.asc
Description: Digital signature
