|
 |
72fdaf |
diff -up sudo-1.8.6p7/doc/sudoers.cat.digest-backport-docs sudo-1.8.6p7/doc/sudoers.cat
|
|
|
72fdaf |
--- sudo-1.8.6p7/doc/sudoers.cat.digest-backport-docs 2015-07-07 13:06:11.078653045 +0200
|
|
|
72fdaf |
+++ sudo-1.8.6p7/doc/sudoers.cat 2015-07-07 13:12:05.170955417 +0200
|
|
|
72fdaf |
@@ -260,6 +260,14 @@ S?SU?UD?DO?OE?ER?RS?S F?FI?IL?LE?E F?FO?
|
|
|
72fdaf |
``localhost'' will only match if that is the actual host name, which is
|
|
|
72fdaf |
usually only the case for non-networked systems.
|
|
|
72fdaf |
|
|
|
72fdaf |
+ digest ::= [A-Fa-f0-9]+ |
|
|
|
72fdaf |
+ [[A-Za-z0-9+/=]+
|
|
|
72fdaf |
+
|
|
|
72fdaf |
+ Digest_Spec ::= "sha224" ':' digest |
|
|
|
72fdaf |
+ "sha256" ':' digest |
|
|
|
72fdaf |
+ "sha384" ':' digest |
|
|
|
72fdaf |
+ "sha512" ':' digest
|
|
|
72fdaf |
+
|
|
|
72fdaf |
Cmnd_List ::= Cmnd |
|
|
|
72fdaf |
Cmnd ',' Cmnd_List
|
|
|
72fdaf |
|
|
|
72fdaf |
@@ -267,7 +275,7 @@ S?SU?UD?DO?OE?ER?RS?S F?FI?IL?LE?E F?FO?
|
|
|
72fdaf |
file name args |
|
|
|
72fdaf |
file name '""'
|
|
|
72fdaf |
|
|
|
72fdaf |
- Cmnd ::= '!'* command name |
|
|
|
72fdaf |
+ Cmnd ::= Digest_Spec? '!'* command name |
|
|
|
72fdaf |
'!'* directory |
|
|
|
72fdaf |
'!'* "sudoedit" |
|
|
|
72fdaf |
'!'* Cmnd_Alias
|
|
|
72fdaf |
@@ -291,6 +299,26 @@ S?SU?UD?DO?OE?ER?RS?S F?FI?IL?LE?E F?FO?
|
|
|
72fdaf |
to permit a user to run s?su?ud?do?o with the -?-e?e option (or as s?su?ud?do?oe?ed?di?it?t). It may
|
|
|
72fdaf |
take command line arguments just as a normal command does.
|
|
|
72fdaf |
|
|
|
72fdaf |
+ If a command name is prefixed with a Digest_Spec, the command will only
|
|
|
72fdaf |
+ match successfully if it can be verified using the specified SHA-2
|
|
|
72fdaf |
+ digest. This may be useful in situations where the user invoking s?su?ud?do?o
|
|
|
72fdaf |
+ has write access to the command or its parent directory. The following
|
|
|
72fdaf |
+ digest formats are supported: sha224, sha256, sha384 and sha512. The
|
|
|
72fdaf |
+ string may be specified in either hex or base64 format (base64 is more
|
|
|
72fdaf |
+ compact). There are several utilities capable of generating SHA-2
|
|
|
72fdaf |
+ digests in hex format such as openssl, shasum, sha224sum, sha256sum,
|
|
|
72fdaf |
+ sha384sum, sha512sum.
|
|
|
72fdaf |
+
|
|
|
72fdaf |
+ For example, using openssl:
|
|
|
72fdaf |
+
|
|
|
72fdaf |
+ $ openssl dgst -sha224 /bin/ls
|
|
|
72fdaf |
+ SHA224(/bin/ls)= 118187da8364d490b4a7debbf483004e8f3e053ec954309de2c41a25
|
|
|
72fdaf |
+
|
|
|
72fdaf |
+ It is also possible to use openssl to generate base64 output:
|
|
|
72fdaf |
+
|
|
|
72fdaf |
+ $ openssl dgst -binary -sha224 /bin/ls | openssl base64
|
|
|
72fdaf |
+ EYGH2oNk1JC0p9679IMATo8+BT7JVDCd4sQaJQ==
|
|
|
72fdaf |
+
|
|
|
72fdaf |
D?De?ef?fa?au?ul?lt?ts?s
|
|
|
72fdaf |
Certain configuration options may be changed from their default values at
|
|
|
72fdaf |
run-time via one or more Default_Entry lines. These may affect all users
|
|
|
72fdaf |
@@ -1797,7 +1825,9 @@ E?EX?XA?AM?MP?PL?LE?ES?S
|
|
|
72fdaf |
|
|
|
72fdaf |
# Cmnd alias specification
|
|
|
72fdaf |
Cmnd_Alias DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\
|
|
|
72fdaf |
- /usr/sbin/restore, /usr/sbin/rrestore
|
|
|
72fdaf |
+ /usr/sbin/restore, /usr/sbin/rrestore\
|
|
|
72fdaf |
+ sha224:0GomF8mNN3wlDt1HD9XldjJ3SNgpFdbjO1+NsQ== \
|
|
|
72fdaf |
+ /home/operator/bin/start_backups
|
|
|
72fdaf |
Cmnd_Alias KILL = /usr/bin/kill
|
|
|
72fdaf |
Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
|
|
|
72fdaf |
Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown
|
|
|
72fdaf |
@@ -1867,7 +1897,11 @@ E?EX?XA?AM?MP?PL?LE?ES?S
|
|
|
72fdaf |
The o?op?pe?er?ra?at?to?or?r user may run commands limited to simple maintenance. Here,
|
|
|
72fdaf |
those are commands related to backups, killing processes, the printing
|
|
|
72fdaf |
system, shutting down the system, and any commands in the directory
|
|
|
72fdaf |
- _?/_?u_?s_?r_?/_?o_?p_?e_?r_?/_?b_?i_?n_?/.
|
|
|
72fdaf |
+ _?/_?u_?s_?r_?/_?o_?p_?e_?r_?/_?b_?i_?n_?/. Note that one command in the DUMPS Cmnd_Alias includes a
|
|
|
72fdaf |
+ sha224 digest, _?/_?h_?o_?m_?e_?/_?o_?p_?e_?r_?a_?t_?o_?r_?/_?b_?i_?n_?/_?s_?t_?a_?r_?t_?__?b_?a_?c_?k_?u_?p_?s. This is because the
|
|
|
72fdaf |
+ directory containing the script is writable by the operator user. If the
|
|
|
72fdaf |
+ script is modified (resulting in a digest mismatch) it will no longer be
|
|
|
72fdaf |
+ possible to run it via s?su?ud?do?o.
|
|
|
72fdaf |
|
|
|
72fdaf |
joe ALL = /usr/bin/su operator
|
|
|
72fdaf |
|
|
|
72fdaf |
diff -up sudo-1.8.6p7/doc/sudoers.man.in.digest-backport-docs sudo-1.8.6p7/doc/sudoers.man.in
|
|
|
72fdaf |
--- sudo-1.8.6p7/doc/sudoers.man.in.digest-backport-docs 2015-07-07 13:06:28.363472547 +0200
|
|
|
72fdaf |
+++ sudo-1.8.6p7/doc/sudoers.man.in 2015-07-07 13:16:05.250448374 +0200
|
|
|
72fdaf |
@@ -602,6 +602,14 @@ only the case for non-networked systems.
|
|
|
72fdaf |
.nf
|
|
|
72fdaf |
.sp
|
|
|
72fdaf |
.RS 0n
|
|
|
72fdaf |
+digest ::= [A-Fa-f0-9]+ |
|
|
|
72fdaf |
+ [[A-Za-z0-9\+/=]+
|
|
|
72fdaf |
+
|
|
|
72fdaf |
+Digest_Spec ::= "sha224" ':' digest |
|
|
|
72fdaf |
+ "sha256" ':' digest |
|
|
|
72fdaf |
+ "sha384" ':' digest |
|
|
|
72fdaf |
+ "sha512" ':' digest
|
|
|
72fdaf |
+
|
|
|
72fdaf |
Cmnd_List ::= Cmnd |
|
|
|
72fdaf |
Cmnd ',' Cmnd_List
|
|
|
72fdaf |
|
|
|
72fdaf |
@@ -609,7 +617,7 @@ command name ::= file name |
|
|
|
72fdaf |
file name args |
|
|
|
72fdaf |
file name '""'
|
|
|
72fdaf |
|
|
|
72fdaf |
-Cmnd ::= '!'* command name |
|
|
|
72fdaf |
+Cmnd ::= Digest_Spec? '!'* command name |
|
|
|
72fdaf |
'!'* directory |
|
|
|
72fdaf |
'!'* "sudoedit" |
|
|
|
72fdaf |
'!'* Cmnd_Alias
|
|
|
72fdaf |
@@ -664,6 +672,39 @@ with the
|
|
|
72fdaf |
option (or as
|
|
|
72fdaf |
\fBsudoedit\fR).
|
|
|
72fdaf |
It may take command line arguments just as a normal command does.
|
|
|
72fdaf |
+.PP
|
|
|
72fdaf |
+If a
|
|
|
72fdaf |
+\fRcommand name\fR
|
|
|
72fdaf |
+is prefixed with a
|
|
|
72fdaf |
+\fRDigest_Spec\fR,
|
|
|
72fdaf |
+the command will only match successfully if it can be verified
|
|
|
72fdaf |
+using the specified SHA-2 digest.
|
|
|
72fdaf |
+This may be useful in situations where the user invoking
|
|
|
72fdaf |
+\fBsudo\fR
|
|
|
72fdaf |
+has write access to the command or its parent directory.
|
|
|
72fdaf |
+The following digest formats are supported: sha224, sha256, sha384 and sha512.
|
|
|
72fdaf |
+The string may be specified in either hex or base64 format
|
|
|
72fdaf |
+(base64 is more compact).
|
|
|
72fdaf |
+There are several utilities capable of generating SHA-2 digests in hex
|
|
|
72fdaf |
+format such as openssl, shasum, sha224sum, sha256sum, sha384sum, sha512sum.
|
|
|
72fdaf |
+.PP
|
|
|
72fdaf |
+For example, using openssl:
|
|
|
72fdaf |
+.nf
|
|
|
72fdaf |
+.sp
|
|
|
72fdaf |
+.RS 0n
|
|
|
72fdaf |
+$ openssl dgst -sha224 /bin/ls
|
|
|
72fdaf |
+SHA224(/bin/ls)= 118187da8364d490b4a7debbf483004e8f3e053ec954309de2c41a25
|
|
|
72fdaf |
+.RE
|
|
|
72fdaf |
+.fi
|
|
|
72fdaf |
+.PP
|
|
|
72fdaf |
+It is also possible to use openssl to generate base64 output:
|
|
|
72fdaf |
+.nf
|
|
|
72fdaf |
+.sp
|
|
|
72fdaf |
+.RS 0n
|
|
|
72fdaf |
+$ openssl dgst -binary -sha224 /bin/ls | openssl base64
|
|
|
72fdaf |
+EYGH2oNk1JC0p9679IMATo8+BT7JVDCd4sQaJQ==
|
|
|
72fdaf |
+.RE
|
|
|
72fdaf |
+.fi
|
|
|
72fdaf |
.SS "Defaults"
|
|
|
72fdaf |
Certain configuration options may be changed from their default
|
|
|
72fdaf |
values at run-time via one or more
|
|
|
72fdaf |
@@ -3684,7 +3725,9 @@ Host_Alias CDROM = orion, perseus, hercu
|
|
|
72fdaf |
|
|
|
72fdaf |
# Cmnd alias specification
|
|
|
72fdaf |
Cmnd_Alias DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\e
|
|
|
72fdaf |
- /usr/sbin/restore, /usr/sbin/rrestore
|
|
|
72fdaf |
+ /usr/sbin/restore, /usr/sbin/rrestore\e
|
|
|
72fdaf |
+ sha224:0GomF8mNN3wlDt1HD9XldjJ3SNgpFdbjO1+NsQ== \e
|
|
|
72fdaf |
+ /home/operator/bin/start_backups
|
|
|
72fdaf |
Cmnd_Alias KILL = /usr/bin/kill
|
|
|
72fdaf |
Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
|
|
|
72fdaf |
Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown
|
|
|
72fdaf |
@@ -3836,6 +3879,15 @@ Here, those are commands related to back
|
|
|
72fdaf |
printing system, shutting down the system, and any commands in the
|
|
|
72fdaf |
directory
|
|
|
72fdaf |
\fI/usr/oper/bin/\fR.
|
|
|
72fdaf |
+Note that one command in the
|
|
|
72fdaf |
+\fRDUMPS\fR
|
|
|
72fdaf |
+Cmnd_Alias includes a sha224 digest,
|
|
|
72fdaf |
+\fI/home/operator/bin/start_backups\fR.
|
|
|
72fdaf |
+This is because the directory containing the script is writable by the
|
|
|
72fdaf |
+operator user.
|
|
|
72fdaf |
+If the script is modified (resulting in a digest mismatch) it will no longer
|
|
|
72fdaf |
+be possible to run it via
|
|
|
72fdaf |
+\fBsudo\fR.
|
|
|
72fdaf |
.nf
|
|
|
72fdaf |
.sp
|
|
|
72fdaf |
.RS 0n
|
|
|
72fdaf |
diff -up sudo-1.8.6p7/doc/sudoers.mdoc.in.digest-backport-docs sudo-1.8.6p7/doc/sudoers.mdoc.in
|
|
|
72fdaf |
--- sudo-1.8.6p7/doc/sudoers.mdoc.in.digest-backport-docs 2015-07-07 13:06:18.919571166 +0200
|
|
|
72fdaf |
+++ sudo-1.8.6p7/doc/sudoers.mdoc.in 2015-07-07 13:23:45.072854748 +0200
|
|
|
72fdaf |
@@ -579,6 +579,14 @@ Also, the host name
|
|
|
72fdaf |
will only match if that is the actual host name, which is usually
|
|
|
72fdaf |
only the case for non-networked systems.
|
|
|
72fdaf |
.Bd -literal
|
|
|
72fdaf |
+digest ::= [A-Fa-f0-9]+ |
|
|
|
72fdaf |
+ [[A-Za-z0-9\+/=]+
|
|
|
72fdaf |
+
|
|
|
72fdaf |
+Digest_Spec ::= "sha224" ':' digest |
|
|
|
72fdaf |
+ "sha256" ':' digest |
|
|
|
72fdaf |
+ "sha384" ':' digest |
|
|
|
72fdaf |
+ "sha512" ':' digest
|
|
|
72fdaf |
+
|
|
|
72fdaf |
Cmnd_List ::= Cmnd |
|
|
|
72fdaf |
Cmnd ',' Cmnd_List
|
|
|
72fdaf |
|
|
|
72fdaf |
@@ -586,7 +594,7 @@ command name ::= file name |
|
|
|
72fdaf |
file name args |
|
|
|
72fdaf |
file name '""'
|
|
|
72fdaf |
|
|
|
72fdaf |
-Cmnd ::= '!'* command name |
|
|
|
72fdaf |
+Cmnd ::= Digest_Spec? '!'* command name |
|
|
|
72fdaf |
'!'* directory |
|
|
|
72fdaf |
'!'* "sudoedit" |
|
|
|
72fdaf |
'!'* Cmnd_Alias
|
|
|
72fdaf |
@@ -640,6 +648,33 @@ with the
|
|
|
72fdaf |
option (or as
|
|
|
72fdaf |
.Nm sudoedit ) .
|
|
|
72fdaf |
It may take command line arguments just as a normal command does.
|
|
|
72fdaf |
+.Pp
|
|
|
72fdaf |
+If a
|
|
|
72fdaf |
+.Li command name
|
|
|
72fdaf |
+is prefixed with a
|
|
|
72fdaf |
+.Li Digest_Spec ,
|
|
|
72fdaf |
+the command will only match successfully if it can be verified
|
|
|
72fdaf |
+using the specified SHA-2 digest.
|
|
|
72fdaf |
+This may be useful in situations where the user invoking
|
|
|
72fdaf |
+.Nm sudo
|
|
|
72fdaf |
+has write access to the command or its parent directory.
|
|
|
72fdaf |
+The following digest formats are supported: sha224, sha256, sha384 and sha512.
|
|
|
72fdaf |
+The string may be specified in either hex or base64 format
|
|
|
72fdaf |
+(base64 is more compact).
|
|
|
72fdaf |
+There are several utilities capable of generating SHA-2 digests in hex
|
|
|
72fdaf |
+format such as openssl, shasum, sha224sum, sha256sum, sha384sum, sha512sum.
|
|
|
72fdaf |
+.Pp
|
|
|
72fdaf |
+For example, using openssl:
|
|
|
72fdaf |
+.Bd -literal
|
|
|
72fdaf |
+$ openssl dgst -sha224 /bin/ls
|
|
|
72fdaf |
+SHA224(/bin/ls)= 118187da8364d490b4a7debbf483004e8f3e053ec954309de2c41a25
|
|
|
72fdaf |
+.Ed
|
|
|
72fdaf |
+.Pp
|
|
|
72fdaf |
+It is also possible to use openssl to generate base64 output:
|
|
|
72fdaf |
+.Bd -literal
|
|
|
72fdaf |
+$ openssl dgst -binary -sha224 /bin/ls | openssl base64
|
|
|
72fdaf |
+EYGH2oNk1JC0p9679IMATo8+BT7JVDCd4sQaJQ==
|
|
|
72fdaf |
+.Ed
|
|
|
72fdaf |
.Ss Defaults
|
|
|
72fdaf |
Certain configuration options may be changed from their default
|
|
|
72fdaf |
values at run-time via one or more
|
|
|
72fdaf |
@@ -3407,7 +3442,9 @@ Host_Alias CDROM = orion, perseus, hercu
|
|
|
72fdaf |
|
|
|
72fdaf |
# Cmnd alias specification
|
|
|
72fdaf |
Cmnd_Alias DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\e
|
|
|
72fdaf |
- /usr/sbin/restore, /usr/sbin/rrestore
|
|
|
72fdaf |
+ /usr/sbin/restore, /usr/sbin/rrestore\e
|
|
|
72fdaf |
+ sha224:0GomF8mNN3wlDt1HD9XldjJ3SNgpFdbjO1+NsQ== \e
|
|
|
72fdaf |
+ /home/operator/bin/start_backups
|
|
|
72fdaf |
Cmnd_Alias KILL = /usr/bin/kill
|
|
|
72fdaf |
Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
|
|
|
72fdaf |
Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown
|
|
|
72fdaf |
@@ -3540,6 +3577,15 @@ Here, those are commands related to back
|
|
|
72fdaf |
printing system, shutting down the system, and any commands in the
|
|
|
72fdaf |
directory
|
|
|
72fdaf |
.Pa /usr/oper/bin/ .
|
|
|
72fdaf |
+Note that one command in the
|
|
|
72fdaf |
+.Li DUMPS
|
|
|
72fdaf |
+Cmnd_Alias includes a sha224 digest,
|
|
|
72fdaf |
+.Pa /home/operator/bin/start_backups .
|
|
|
72fdaf |
+This is because the directory containing the script is writable by the
|
|
|
72fdaf |
+operator user.
|
|
|
72fdaf |
+If the script is modified (resulting in a digest mismatch) it will no longer
|
|
|
72fdaf |
+be possible to run it via
|
|
|
72fdaf |
+.Nm sudo .
|
|
|
72fdaf |
.Bd -literal
|
|
|
72fdaf |
joe ALL = /usr/bin/su operator
|
|
|
72fdaf |
.Ed
|