We cannot perform passwd/group lookups _after_ changing the root
directory. This does mean that symbolic links in a path are not
currently handled properly when matching chroot()ed commands.
Fixes a local privilege escalation vulnerability where a user could
craft their own nsswitch.conf file to load a shared library of their
choosing and run arbitrary code. CVE-2025-32463
Reported by Rich Mirch @ Stratascale Cyber Research Unit (CRU).
We rely on the include path to find many of these headers. It
especially doesn't make sense to use #include "foo.h" for headers
in the top-level include directory.
There is no case where we should fail to find an editor just because
the values of EDITOR, VISUAL and SUDO_EDITOR are unavailable. Both
sudoedit and the "env_editor" sudoers setting are documented as
falling back on the hard-coded list of editors in the "editors"
sudoers setting. Bug #1000
