Matthieu Barjole and Victor Cutillas discovered that sudoedit in sudo, a program designed to provide limited super user privileges to specific
users, does not properly handle '--' to separate the editor and
arguments from files to edit. A local user permitted to edit certain
files can take advantage of this flaw to edit a file not permitted by
the security policy, resulting in privilege escalation.