Bug 185 - Enable command fingerprinting
Status: RESOLVED FIXED
Product: Sudo
Classification: Unclassified
Component: Configure
Version: 1.6.7
Hardware: All All
Importance: high enhancement
Assigned To: Todd C. Miller
Reported: 2005-06-22 01:07 MDT by Marko Asplund
Modified: 2013-06-16 06:36 MDT

Description Marko Asplund 2005-06-22 01:07:21 MDT
Sometimes system administrators want to use sudo to allow normal users to run user-owned commands
as another user or root. Typically the system administrator would first audit the command (e.g. read 
source of compiled program or read script source) before allowing it to be run as root. The user can, 
however, modify the script or program afterwards to do something else. It would be nice if you could 
associate fingerprints (e.g. MD5 checksum) with commands so that if a fingerprint is configured for a 
command sudo would first check if the fingerprints match before running the command.

There are other ways to do this, of course, such as making the command owned by root and removing
write access from the user but with the fingerprinting feature one would not need to change file
ownership flags.
Comment 1 Todd C. Miller 2013-06-16 06:36:36 MDT
Sudo 1.8.7 allows you to associate a sha2 checksum with a command.
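
The workflow requested above, using the digest support mentioned in Comment 1, as an added example that is not part of the bug report or of sudo itself: it records the SHA-256 of an audited command in a sudoers rule and later checks whether the file still matches. The user `alice`, the runas user `root`, the helper function names and all paths are constructed for illustration.

```shell
# Build and audit a sudoers digest rule (digest support: sudo 1.8.7+).
# User "alice", runas "root" and all paths are constructed placeholders.

# Print the lowercase hex SHA-256 of a file.
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1" | awk '{print $1}'
    else
        openssl dgst -sha256 -r < "$1" | awk '{print $1}'
    fi
}

# Emit a rule that only matches while the command has its audited digest.
# usage: sudoers_digest_rule USER RUNAS /absolute/path/to/command
sudoers_digest_rule() {
    user=$1 runas=$2 cmd=$3
    case $cmd in
        /*) ;;
        *) echo "command path must be absolute: $cmd" >&2; return 2 ;;
    esac
    [ -f "$cmd" ] || { echo "not a regular file: $cmd" >&2; return 2; }
    printf '%s ALL = (%s) sha256:%s %s\n' \
        "$user" "$runas" "$(file_sha256 "$cmd")" "$cmd"
}

# Audit helper: return 0 if the file still has the digest recorded in the
# rule line, 1 if it was modified, is missing, or the rule has no digest.
rule_still_matches() {
    rule=$1
    want=$(printf '%s\n' "$rule" | sed -n 's/.*sha256:\([0-9a-f]\{64\}\) .*/\1/p')
    cmd=${rule##* }   # command path is the last field (no spaces assumed)
    [ -n "$want" ] && [ "$(file_sha256 "$cmd")" = "$want" ]
}

# Demo on a constructed script in a temporary directory.
demo_dir=$(mktemp -d)
printf '#!/bin/sh\necho report\n' > "$demo_dir/report.sh"
demo_rule=$(sudoers_digest_rule alice root "$demo_dir/report.sh")
echo "$demo_rule"                          # line to install with visudo
echo '# edited after audit' >> "$demo_dir/report.sh"
rule_still_matches "$demo_rule" || echo "digest mismatch: rule no longer matches"
rm -rf "$demo_dir"
```

The sudoers manual cautions that if the user can still write to the command, it may be replaced between the digest check and execution, so a digest on a user-writable file narrows the problem described in the report but does not fully close it.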