Add intercept_verify sudoers option to control execve(2) argument checking.

plugins/sudoers/def_data.c

@@ -667,6 +667,10 @@ struct sudo_defs_types sudo_defs_table[] = {
 	"intercept_type", T_TUPLE,
 	N_("The mechanism used by the intercept and log_subcmds options: %s"),
 	def_data_intercept_type,
+    }, {
+	"intercept_verify", T_FLAG,
+	N_("Whether to verify the command and arguments after execution"),
+	NULL,
     }, {
 	"apparmor_profile", T_STR,
 	N_("AppArmor profile to use in the new security context: %s"),