isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add intercept_authenticate sudoers option, defaults to false.

Browse Source 
By default, sudoers will not require authentication of commands run
via an intercepted session.  To require authenticaton of subsequent
commands, enable intercept_authenticate in sudoers.
This commit is contained in:
Todd C. Miller
2021-08-09 15:50:26 -06:00
parent 13b89e9103
commit 788708c9ff
9 changed files with 68 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
plugins/sudoers/policy.c
View File

@@ -81,7 +81,7 @@ parse_bool(const char *line, int varlen, int *flags, int fval)
}
}
#define RUN_VALID_FLAGS (MODE_BACKGROUND|MODE_PRESERVE_ENV|MODE_RESET_HOME|MODE_IMPLIED_SHELL|MODE_LOGIN_SHELL|MODE_NONINTERACTIVE|MODE_IGNORE_TICKET|MODE_PRESERVE_GROUPS|MODE_SHELL|MODE_RUN)
#define RUN_VALID_FLAGS (MODE_BACKGROUND|MODE_PRESERVE_ENV|MODE_RESET_HOME|MODE_IMPLIED_SHELL|MODE_LOGIN_SHELL|MODE_NONINTERACTIVE|MODE_IGNORE_TICKET|MODE_PRESERVE_GROUPS|MODE_SHELL|MODE_RUN|MODE_POLICY_INTERCEPTED)
#define EDIT_VALID_FLAGS (MODE_NONINTERACTIVE|MODE_IGNORE_TICKET|MODE_EDIT)
#define LIST_VALID_FLAGS (MODE_NONINTERACTIVE|MODE_IGNORE_TICKET|MODE_LIST|MODE_CHECK)
#define VALIDATE_VALID_FLAGS (MODE_NONINTERACTIVE|MODE_IGNORE_TICKET|MODE_VALIDATE)
@@ -184,6 +184,7 @@ sudoers_policy_deserialize_info(void *v, struct defaults_list *defaults)
}
/* Parse command line settings. */
sudo_mode = 0;
user_closefrom = -1;
for (cur = info->settings; *cur != NULL; cur++) {
if (MATCHES(*cur, "closefrom=")) {