Warn on relative paths in secure_path

[WaterWhisperer]

Fixes: #1153

[WaterWhisperer]

I extended the existing secure_path tests instead of adding separate new ones for a small behavior change.

[squell]

Suggestion: if user_warn! is used, that means visudo cannot act on this diagnostic.

Another approach could be to add this sanity check in sudoers/mod.rs and push it on the vector containing the various diagnostics (similar to how circular aliases are complained about).

[WaterWhisperer]

Suggestion: if user_warn! is used, that means visudo cannot act on this diagnostic.

Another approach could be to add this sanity check in sudoers/mod.rs and push it on the vector containing the various diagnostics (similar to how circular aliases are complained about).

I reworked this into the sudoers diagnostics path so visudo sees it too.

One thing I'm a bit confused: under the visudo pipeline this ends up being shown as syntax error: ..., even though it is a diagnostic about secure_path(and like recursive alias). Is that the intended presentation?

[squell]

One thing I'm a bit confused: under the visudo pipeline this ends up being shown as syntax error: ..., even though it is a diagnostic about secure_path(and like recursive alias). Is that the intended presentation?

That's a good point. We're open to changing that error prefix to something better (could be more generic like "error" or less lazy like "configuration error"). Technically, you could argue it is also not a syntax error if someone would write Defaults !flerbage.

[WaterWhisperer]

That's a good point. We're open to changing that error prefix to something better (could be more generic like "error" or less lazy like "configuration error"). Technically, you could argue it is also not a syntax error if someone would write Defaults !flerbage.

Makes sense. The wording still feels a little imperfect to me, but I think it's acceptable now. A more general prefix improvement could be handled separately and may need more discussions.