Bug 181 – Match checksums of programs

Bug 181 - Match checksums of programs


Summary:	Match checksums of programs

Status:	RESOLVED FIXED

Product:	Sudo
Classification:	Unclassified
Component:	Sudo
Version:	1.6.8
Hardware:	All All

Importance:	normal enhancement
Assigned To:	Todd C. Miller

URL:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2005-05-27 08:08 MDT by Michael Grubb
Modified:	2013-06-16 06:34 MDT (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Michael Grubb 2005-05-27 08:08:10 MDT

Allow Cmnd_Alias definitions to specify a checksum for the binary name (the name would be more for 
sudo -l at that point). Then when sudo is invoked it will check the checksum of the program it is being 
asked to run, and compare with what is in sudoers.  This is more useful when wanting to do exclusions.  
Such as ALL, !/bin/su  which is advisory only.
You might be able to do something like:
Cmnd_Alias EVERYTHING_NOSU = ALL, !<md5sumhere>/bin/su

Comment 1 Todd C. Miller 2013-06-16 06:34:30 MDT

Sudo 1.8.7 includes sha2 checksum support.