Bug 185

Summary: Enable command fingerprinting
Product: Sudo
Reporter: Marko Asplund <marko.asplund>
Component: Configure
Assignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED FIXED
Severity: enhancement
Priority: high
Version: 1.6.7
Hardware: All
OS: All

Description Marko Asplund 2005-06-22 01:07:21 MDT
Sometimes system administrators want to use sudo to allow normal users to run user-owned commands 
as another user or root. Typically the system administrator would first audit the command (e.g. read 
source of compiled program or read script source) before allowing it to be run as root. The user can, 
however, modify the script or program afterwards to do something else. It would be nice if you could 
associate fingerprints (e.g. MD5 checksum) with commands so that if a fingerprint is configured for a 
command sudo would first check if the fingerprints match before running the command.

There are other ways to do this, of course, such as making the command owned by root and removing 
write access from the user but with the fingerprinting feature one would not need to change file 
ownership flags.

Comment 1 Todd C. Miller 2013-06-16 06:36:36 MDT
Sudo 1.8.7 allows you to associate a sha2 checksum with a command.
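
The workflow requested in this bug, as an added example that is not part of the bug report or the sudo project's code: pin an audited user-owned command to its SHA-256 digest in a sudoers rule, then check whether the file still matches the pinned value. The user `alice`, the function names and the rule layout chosen here are assumptions; the `sha256:<hex> /path` digest prefix is the sudoers syntax available from sudo 1.8.7.

```shell
#!/bin/sh
# Added example: user names, paths and helper names are hypothetical.

# Print the SHA-256 digest of a file as lowercase hex.
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1" | awk '{print $1}'
    else
        openssl dgst -sha256 < "$1" | awk '{print $NF}'
    fi
}

# Emit a sudoers rule that pins an audited command to its current digest.
# $1 = invoking user, $2 = run-as user, $3 = absolute path of the command
sudoers_digest_rule() {
    case "$3" in
        /*) ;;
        *) echo "command path must be absolute: $3" >&2; return 2 ;;
    esac
    [ -f "$3" ] || { echo "no such file: $3" >&2; return 2; }
    printf '%s ALL = (%s) sha256:%s %s\n' \
        "$1" "$2" "$(file_sha256 "$3")" "$3"
}

# Return 0 only if the command named in a rule still has the pinned digest.
# This mirrors the comparison sudo makes before running the command, so a
# change made after the audit shows up as a mismatch.
# $1 = one rule line as produced by sudoers_digest_rule
rule_still_matches() {
    pinned=$(printf '%s\n' "$1" |
        sed -n 's|.* sha256:\([0-9a-f]\{64\}\) .*|\1|p')
    path=$(printf '%s\n' "$1" |
        sed -n 's|.* sha256:[0-9a-f]\{64\} \(/.*\)$|\1|p')
    [ -n "$pinned" ] && [ -f "$path" ] &&
        [ "$(file_sha256 "$path")" = "$pinned" ]
}

# Command-line use: print the rule for review before adding it with visudo.
if [ "$#" -eq 3 ]; then
    sudoers_digest_rule "$@"
fi
```

Run it as `sh pin.sh alice root /home/alice/bin/report.sh` (constructed names) and paste the reviewed output into a file edited with `visudo -f`.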