Bug 785 - add two-man rule functionality to sudo
add two-man rule functionality to sudo
Status: NEW
Product: Sudo
Classification: Unclassified
Component: Sudo
Version: 1.8.19
Hardware: PC All
Importance: low enhancement
Assigned To: Todd C. Miller
Depends on:
Blocks:
Reported: 2017-05-04 10:28 MDT by dcfix
Modified: 2017-05-04 10:28 MDT (History)
Description dcfix 2017-05-04 10:28:39 MDT
Thanks for this awesome program! I appreciate your work!

On May 4th, Amazon suffered a major outage when an authorized tech fat-fingered a command from their "playbook." This might have been avoided if a second authorized user was required to validate the command before it was executed. 

Background on the two-man rule can be found here: https://en.wikipedia.org/wiki/Two-man_rule

I propose that when a user runs the sudo command, the program will check the config file to see if the command being invoked is in the two-man (or dual-auth) list. If it's in the list, sudo grabs the timeout value from the config (30-second timeout as the default). Sudo then checks the log file to see if the **exact same command** had been issued by a **different user** within the timeout period. If it has, sudo runs the command. If not, sudo notifies the user that a second authorized user must execute the same command within the timeout window.
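The gate described in the report, written out as an added example; this is not sudo code and sudo has no such feature. The config set, the tab-separated log format, the sample log lines and the function names are all assumptions made for the illustration. It goes slightly beyond the report by showing the "record and wait" step as well as the check, so that a second user's identical request within the window is what flips the decision to "run":

```python
"""Two-man (dual-authorisation) gate for a command-running wrapper.

Added example modelled on the proposal in sudo bug 785. It is not sudo code;
the config, log format and function names are assumptions for this example.
"""
from datetime import datetime, timedelta, timezone

# Constructed config: commands that need a second authorised user, and the
# default countersign window (30 seconds, as the report proposes).
DUAL_AUTH_COMMANDS = {
    "/sbin/shutdown -h now",
    "/usr/bin/systemctl stop nginx",
    "/usr/bin/systemctl restart sshd",
}
DEFAULT_TIMEOUT_SECONDS = 30

# Constructed log lines in an assumed "ISO-8601 timestamp<TAB>user<TAB>command"
# format. Each line records a request, whether it ran or is still pending.
SAMPLE_LOG = """\
2017-05-04T16:28:00+00:00\talice\t/sbin/shutdown -h now
2017-05-04T16:28:10+00:00\talice\t/sbin/shutdown -h now
2017-05-04T16:27:00+00:00\tbob\t/usr/bin/systemctl stop nginx
2017-05-04T16:28:15+00:00\tcarol\t/usr/bin/systemctl restart sshd --no-block
"""


def parse_log(text):
    """Parse the constructed log format into (timestamp, user, command) tuples."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, command = line.split("\t", 2)
        entries.append((datetime.fromisoformat(ts), user, command))
    return entries


def two_man_decision(command, user, now, log_entries,
                     timeout=DEFAULT_TIMEOUT_SECONDS):
    """Return "run" or "wait".

    "run" if the command is not gated, or if a *different* user issued the
    byte-for-byte identical command within `timeout` seconds before `now`.
    Otherwise "wait": the caller should tell the user that a second
    authorised user must issue the same command inside the window.
    """
    if command not in DUAL_AUTH_COMMANDS:
        return "run"
    window_start = now - timedelta(seconds=timeout)
    for ts, other_user, logged_cmd in log_entries:
        if other_user == user:
            continue          # a user cannot countersign their own request
        if logged_cmd != command:
            continue          # exact match only; extra flags or spacing do not count
        if window_start <= ts <= now:
            return "run"
    return "wait"


def request_command(command, user, now, log_entries,
                    timeout=DEFAULT_TIMEOUT_SECONDS):
    """Decide, then append this request to the log so a second user can match it."""
    decision = two_man_decision(command, user, now, log_entries, timeout)
    log_entries.append((now, user, command))
    return decision


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    now = datetime(2017, 5, 4, 16, 28, 20, tzinfo=timezone.utc)
    for who, cmd in [("bob", "/sbin/shutdown -h now"),
                     ("alice", "/sbin/shutdown -h now"),
                     ("alice", "/usr/bin/systemctl stop nginx")]:
        print(who, cmd, "->", request_command(cmd, who, now, entries))
```

The check compares the full command string exactly, as the report asks; a request whose arguments differ even by a flag is a different command and does not countersign. The window is measured against the timestamp the second request is evaluated at, so a first request that has aged out of the window must be repeated.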