Add intercept_authenticate sudoers option, defaults to false.

By default, sudoers will not require authentication of commands run via an intercepted session. To require authenticaton of subsequent commands, enable intercept_authenticate in sudoers.
2021-08-09 15:50:26 -06:00
parent 13b89e9103
commit 788708c9ff
9 changed files with 68 additions and 3 deletions
--- a/plugins/sudoers/def_data.c
+++ b/plugins/sudoers/def_data.c
@@ -589,6 +589,10 @@ struct sudo_defs_types sudo_defs_table[] = {
 	"log_exit_status", T_FLAG,
 	N_("Log the exit status of commands"),
 	NULL,
+    }, {
+	"intercept_authenticate", T_FLAG,
+	N_("Subsequent commands in an intercepted session must be authenticated"),
+	NULL,
    }, {
 	NULL, 0, NULL
    }