[arch-general] Question about visudo and info in the Wiki

[Don Juan]

Being new to Arch and finally getting a working system minus the ability 
to always be able to cleanly reboot and shutdown every time. I started 
reading about securing my install and ran across the Security wiki on 
archlinux.org and it states that you can not use the EDITOR envvar.

But in reality you can use this and it allows you the ability to run 
nano like it says visudo does not allow you to do. Is it just a bug in 
the current release of visudo, am I not understanding the information in 
the Wiki properly or? Wouldn't this open up a way larger issue?

Quote: "By default, visudo doesn’t follow EDITOR envvar. Also it’s 
regarded as severe security risk since everything can be used as EDITOR 
(hello, rootkits!). The best practice is to add the following line to 
//etc/sudoers/ (remember to put full path to your favourite editor): "

I have not added anything to my file other than allowing the wheel group 
sudo rights. Not trying to start any conspiracy here or anything just 
curious, could it be a fubared install on my end? I can do it from the 
root user and by issuing sudo EDITOR=nano visudo.

Thank you



My Source:
https://wiki.archlinux.org/index.php/Security