Add intercept_verify sudoers option to control execve(2) argument checking.

Todd C. Miller
2022-07-29 15:22:27 -06:00
parent b80b012de0
commit 3ce19efca9
10 changed files with 99 additions and 32 deletions

View File

@@ -25,7 +25,7 @@
.nr BA @BAMAN@
.nr LC @LCMAN@
.nr PS @PSMAN@
.TH "SUDOERS" "@mansectform@" "May 31, 2022" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.TH "SUDOERS" "@mansectform@" "July 29, 2022" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.nh
.if n .ad l
.SH "NAME"
@@ -3399,6 +3399,31 @@ by default.
.sp
This setting is only supported by version 1.9.8 or higher.
.TP 18n
intercept_verify
If set,
\fBsudo\fR
will attempt to verify that a command run in intercept mode has
the expected path name and command line arguments.
The process is stopped after
execve(2)
has completed but before the new command has had a chance to run.
In the case of a path name or argument mismatch, the command will be sent a
\fRSIGKILL\fR
signal and terminated.
This flag has no effect unless the
\fIintercept\fR
flag is enabled or the
\fIINTERCEPT\fR
tag has been set for the command and the
\fIintercept_type\fR
option is set to
\fItrace\fR.
This flag is
\fIon\fR
by default.
.sp
This setting is only supported by version 1.9.12 or higher.
.TP 18n
netgroup_tuple
If set, netgroup lookups will be performed using the full netgroup
tuple: host name, user name, and domain (if one is set).
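Review bot: The condition in the "This flag has no effect unless ..." sentence of the new intercept_verify entry reads as "A or B and C", so a reader cannot tell whether intercept_type must be set to trace in both cases or only when the INTERCEPT tag is used. Suggest putting the trace requirement first, for example: "This flag has no effect unless the intercept_type option is set to trace and either the intercept flag is enabled or the INTERCEPT tag has been set for the command." The same rewording should go into the other copy of this text so the two stay identical.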

View File

@@ -25,7 +25,7 @@
.nr BA @BAMAN@
.nr LC @LCMAN@
.nr PS @PSMAN@
.Dd May 31, 2022
.Dd July 29, 2022
.Dt SUDOERS @mansectform@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
@@ -3220,6 +3220,30 @@ This flag is
by default.
.Pp
This setting is only supported by version 1.9.8 or higher.
.It intercept_verify
If set,
.Nm sudo
will attempt to verify that a command run in intercept mode has
the expected path name and command line arguments.
The process is stopped after
.Xr execve 2
has completed but before the new command has had a chance to run.
In the case of a path name or argument mismatch, the command will be sent a
.Dv SIGKILL
signal and terminated.
This flag has no effect unless the
.Em intercept
flag is enabled or the
.Em INTERCEPT
tag has been set for the command and the
.Em intercept_type
option is set to
.Em trace .
This flag is
.Em on
by default.
.Pp
This setting is only supported by version 1.9.12 or higher.
.It netgroup_tuple
If set, netgroup lookups will be performed using the full netgroup
tuple: host name, user name, and domain (if one is set).
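Review bot: "will attempt to verify" in the first sentence of the intercept_verify item leaves the failure case undocumented. The text says a path name or argument mismatch gets the command a SIGKILL, but it does not say what happens when the check itself cannot be carried out: is the command allowed to run, or is it terminated? Since the flag is on by default and administrators will rely on it as an enforcement step, add one sentence stating which way it fails, and consider a short note on what checking is given up when the flag is turned off.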