Bug 181

Summary: Match checksums of programs
Product: Sudo Reporter: Michael Grubb <sudo>
Component: SudoAssignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED FIXED    
Severity: enhancement    
Priority: normal    
Version: 1.6.8   
Hardware: All   
OS: All   

Description Michael Grubb 2005-05-27 08:08:10 MDT 
Allow Cmnd_Alias definitions to specify a checksum for the binary name (the name would be more for 
sudo -l at that point). Then when sudo is invoked it will check the checksum of the program it is being 
asked to run, and compare with what is in sudoers.  This is more useful when wanting to do exclusions.  
Such as ALL, !/bin/su  which is advisory only.
You might be able to do something like:
Cmnd_Alias EVERYTHING_NOSU = ALL, !<md5sumhere>/bin/su
Comment 1 Todd C. Miller 2013-06-16 06:34:30 MDT 
Sudo 1.8.7 includes sha2 checksum support.