diff -up sudo-1.8.6p7/doc/sudoers.cat.digest-backport-docs sudo-1.8.6p7/doc/sudoers.cat
--- sudo-1.8.6p7/doc/sudoers.cat.digest-backport-docs 2015-07-07 13:06:11.078653045 +0200
+++ sudo-1.8.6p7/doc/sudoers.cat 2015-07-07 13:12:05.170955417 +0200
@@ -260,6 +260,14 @@ SSUUDDOOEERRSS FFIILLEE FFO
``localhost'' will only match if that is the actual host name, which is
usually only the case for non-networked systems.
+ digest ::= [A-Fa-f0-9]+ |
+ [[A-Za-z0-9+/=]+
+
+ Digest_Spec ::= "sha224" ':' digest |
+ "sha256" ':' digest |
+ "sha384" ':' digest |
+ "sha512" ':' digest
+
Cmnd_List ::= Cmnd |
Cmnd ',' Cmnd_List
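Review bot: The second alternative of the new digest rule, "[[A-Za-z0-9+/=]+", opens with a doubled bracket, so as written the base64 character class also admits a literal '[' and does not mirror the hex alternative above it. Suggest "[A-Za-z0-9+/=]+". Because both alternatives are unbounded "+" repetitions, it would also help to state that the digest length must match the algorithm named in Digest_Spec.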
@@ -267,7 +275,7 @@ SSUUDDOOEERRSS FFIILLEE FFO
file name args |
file name '""'
- Cmnd ::= '!'* command name |
+ Cmnd ::= Digest_Spec? '!'* command name |
'!'* directory |
'!'* "sudoedit" |
'!'* Cmnd_Alias
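Review bot: Digest_Spec? is added only to the "command name" alternative of Cmnd and is placed before '!'*, yet nothing in the patch explains what a negated entry with a digest means or that directory, "sudoedit" and Cmnd_Alias entries cannot carry one. Suggest a sentence in the descriptive paragraph covering both, since a negated rule that silently fails to match on a digest mismatch would be easy to misread as a deny.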
@@ -291,6 +299,26 @@ SSUUDDOOEERRSS FFIILLEE FFO
to permit a user to run ssuuddoo with the --ee option (or as ssuuddooeeddiitt). It may
take command line arguments just as a normal command does.
+ If a command name is prefixed with a Digest_Spec, the command will only
+ match successfully if it can be verified using the specified SHA-2
+ digest. This may be useful in situations where the user invoking ssuuddoo
+ has write access to the command or its parent directory. The following
+ digest formats are supported: sha224, sha256, sha384 and sha512. The
+ string may be specified in either hex or base64 format (base64 is more
+ compact). There are several utilities capable of generating SHA-2
+ digests in hex format such as openssl, shasum, sha224sum, sha256sum,
+ sha384sum, sha512sum.
+
+ For example, using openssl:
+
+ $ openssl dgst -sha224 /bin/ls
+ SHA224(/bin/ls)= 118187da8364d490b4a7debbf483004e8f3e053ec954309de2c41a25
+
+ It is also possible to use openssl to generate base64 output:
+
+ $ openssl dgst -binary -sha224 /bin/ls | openssl base64
+ EYGH2oNk1JC0p9679IMATo8+BT7JVDCd4sQaJQ==
+
DDeeffaauullttss
Certain configuration options may be changed from their default values at
run-time via one or more Default_Entry lines. These may affect all users
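Review bot: The new paragraph recommends a digest for the case where the invoking user can write to the command or its parent directory, but it does not say whether the file can still be replaced between the digest check and execution. If verification and exec are separate steps, that window should be documented here, because a user-writable path is exactly the situation the text recommends the feature for. A smaller point: the utility list is introduced as producing hex output, and the base64 example that follows would read more clearly if it said the digest is the same one as in the hex example.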
@@ -1797,7 +1825,9 @@ EEXXAAMMPPLLEESS
# Cmnd alias specification
Cmnd_Alias DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\
- /usr/sbin/restore, /usr/sbin/rrestore
+ /usr/sbin/restore, /usr/sbin/rrestore\
+ sha224:0GomF8mNN3wlDt1HD9XldjJ3SNgpFdbjO1+NsQ== \
+ /home/operator/bin/start_backups
Cmnd_Alias KILL = /usr/bin/kill
Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown
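Review bot: The changed line "/usr/sbin/restore, /usr/sbin/rrestore\" has no comma before the continuation, while the Cmnd_List grammar in this same file separates entries with ','. After line joining, the sha224 Digest_Spec follows /usr/sbin/rrestore with no separator, so the example does not match the documented grammar. Suggest "/usr/sbin/rrestore,\" so that the digest-prefixed start_backups entry is its own Cmnd.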
@@ -1867,7 +1897,11 @@ EEXXAAMMPPLLEESS
The ooppeerraattoorr user may run commands limited to simple maintenance. Here,
those are commands related to backups, killing processes, the printing
system, shutting down the system, and any commands in the directory
- _/_u_s_r_/_o_p_e_r_/_b_i_n_/.
+ _/_u_s_r_/_o_p_e_r_/_b_i_n_/. Note that one command in the DUMPS Cmnd_Alias includes a
+ sha224 digest, _/_h_o_m_e_/_o_p_e_r_a_t_o_r_/_b_i_n_/_s_t_a_r_t___b_a_c_k_u_p_s. This is because the
+ directory containing the script is writable by the operator user. If the
+ script is modified (resulting in a digest mismatch) it will no longer be
+ possible to run it via ssuuddoo.
joe ALL = /usr/bin/su operator
diff -up sudo-1.8.6p7/doc/sudoers.man.in.digest-backport-docs sudo-1.8.6p7/doc/sudoers.man.in
--- sudo-1.8.6p7/doc/sudoers.man.in.digest-backport-docs 2015-07-07 13:06:28.363472547 +0200
+++ sudo-1.8.6p7/doc/sudoers.man.in 2015-07-07 13:16:05.250448374 +0200
@@ -602,6 +602,14 @@ only the case for non-networked systems.
.nf
.sp
.RS 0n
+digest ::= [A-Fa-f0-9]+ |
+ [[A-Za-z0-9\+/=]+
+
+Digest_Spec ::= "sha224" ':' digest |
+ "sha256" ':' digest |
+ "sha384" ':' digest |
+ "sha512" ':' digest
+
Cmnd_List ::= Cmnd |
Cmnd ',' Cmnd_List
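Review bot: Same doubled bracket as in the .cat file: "[[A-Za-z0-9\+/=]+" should be "[A-Za-z0-9\+/=]+", otherwise the rendered man page shows a base64 class that includes '['.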
@@ -609,7 +617,7 @@ command name ::= file name |
file name args |
file name '""'
-Cmnd ::= '!'* command name |
+Cmnd ::= Digest_Spec? '!'* command name |
'!'* directory |
'!'* "sudoedit" |
'!'* Cmnd_Alias
@@ -664,6 +672,39 @@ with the
option (or as
\fBsudoedit\fR).
It may take command line arguments just as a normal command does.
+.PP
+If a
+\fRcommand name\fR
+is prefixed with a
+\fRDigest_Spec\fR,
+the command will only match successfully if it can be verified
+using the specified SHA-2 digest.
+This may be useful in situations where the user invoking
+\fBsudo\fR
+has write access to the command or its parent directory.
+The following digest formats are supported: sha224, sha256, sha384 and sha512.
+The string may be specified in either hex or base64 format
+(base64 is more compact).
+There are several utilities capable of generating SHA-2 digests in hex
+format such as openssl, shasum, sha224sum, sha256sum, sha384sum, sha512sum.
+.PP
+For example, using openssl:
+.nf
+.sp
+.RS 0n
+$ openssl dgst -sha224 /bin/ls
+SHA224(/bin/ls)= 118187da8364d490b4a7debbf483004e8f3e053ec954309de2c41a25
+.RE
+.fi
+.PP
+It is also possible to use openssl to generate base64 output:
+.nf
+.sp
+.RS 0n
+$ openssl dgst -binary -sha224 /bin/ls | openssl base64
+EYGH2oNk1JC0p9679IMATo8+BT7JVDCd4sQaJQ==
+.RE
+.fi
.SS "Defaults"
Certain configuration options may be changed from their default
values at run-time via one or more
@@ -3684,7 +3725,9 @@ Host_Alias CDROM = orion, perseus, hercu
# Cmnd alias specification
Cmnd_Alias DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\e
- /usr/sbin/restore, /usr/sbin/rrestore
+ /usr/sbin/restore, /usr/sbin/rrestore\e
+ sha224:0GomF8mNN3wlDt1HD9XldjJ3SNgpFdbjO1+NsQ== \e
+ /home/operator/bin/start_backups
Cmnd_Alias KILL = /usr/bin/kill
Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown
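Review bot: The continuation line "/usr/sbin/restore, /usr/sbin/rrestore\e" is missing the comma that the Cmnd_List grammar requires before the next entry. Suggest "/usr/sbin/rrestore,\e" so the sha224-prefixed command is a separate list element in the rendered example.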
@@ -3836,6 +3879,15 @@ Here, those are commands related to back
printing system, shutting down the system, and any commands in the
directory
\fI/usr/oper/bin/\fR.
+Note that one command in the
+\fRDUMPS\fR
+Cmnd_Alias includes a sha224 digest,
+\fI/home/operator/bin/start_backups\fR.
+This is because the directory containing the script is writable by the
+operator user.
+If the script is modified (resulting in a digest mismatch) it will no longer
+be possible to run it via
+\fBsudo\fR.
.nf
.sp
.RS 0n
diff -up sudo-1.8.6p7/doc/sudoers.mdoc.in.digest-backport-docs sudo-1.8.6p7/doc/sudoers.mdoc.in
--- sudo-1.8.6p7/doc/sudoers.mdoc.in.digest-backport-docs 2015-07-07 13:06:18.919571166 +0200
+++ sudo-1.8.6p7/doc/sudoers.mdoc.in 2015-07-07 13:23:45.072854748 +0200
@@ -579,6 +579,14 @@ Also, the host name
will only match if that is the actual host name, which is usually
only the case for non-networked systems.
.Bd -literal
+digest ::= [A-Fa-f0-9]+ |
+ [[A-Za-z0-9\+/=]+
+
+Digest_Spec ::= "sha224" ':' digest |
+ "sha256" ':' digest |
+ "sha384" ':' digest |
+ "sha512" ':' digest
+
Cmnd_List ::= Cmnd |
Cmnd ',' Cmnd_List
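Review bot: The base64 alternative in this literal block, "[[A-Za-z0-9\+/=]+", carries the same doubled '[' as the other two files. Since the mdoc source is the one the other formats are derived from, fixing it here to "[A-Za-z0-9\+/=]+" and regenerating would keep all three in step.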
@@ -586,7 +594,7 @@ command name ::= file name |
file name args |
file name '""'
-Cmnd ::= '!'* command name |
+Cmnd ::= Digest_Spec? '!'* command name |
'!'* directory |
'!'* "sudoedit" |
'!'* Cmnd_Alias
@@ -640,6 +648,33 @@ with the
option (or as
.Nm sudoedit ) .
It may take command line arguments just as a normal command does.
+.Pp
+If a
+.Li command name
+is prefixed with a
+.Li Digest_Spec ,
+the command will only match successfully if it can be verified
+using the specified SHA-2 digest.
+This may be useful in situations where the user invoking
+.Nm sudo
+has write access to the command or its parent directory.
+The following digest formats are supported: sha224, sha256, sha384 and sha512.
+The string may be specified in either hex or base64 format
+(base64 is more compact).
+There are several utilities capable of generating SHA-2 digests in hex
+format such as openssl, shasum, sha224sum, sha256sum, sha384sum, sha512sum.
+.Pp
+For example, using openssl:
+.Bd -literal
+$ openssl dgst -sha224 /bin/ls
+SHA224(/bin/ls)= 118187da8364d490b4a7debbf483004e8f3e053ec954309de2c41a25
+.Ed
+.Pp
+It is also possible to use openssl to generate base64 output:
+.Bd -literal
+$ openssl dgst -binary -sha224 /bin/ls | openssl base64
+EYGH2oNk1JC0p9679IMATo8+BT7JVDCd4sQaJQ==
+.Ed
.Ss Defaults
Certain configuration options may be changed from their default
values at run-time via one or more
@@ -3407,7 +3442,9 @@ Host_Alias CDROM = orion, perseus, hercu
# Cmnd alias specification
Cmnd_Alias DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\e
- /usr/sbin/restore, /usr/sbin/rrestore
+ /usr/sbin/restore, /usr/sbin/rrestore\e
+ sha224:0GomF8mNN3wlDt1HD9XldjJ3SNgpFdbjO1+NsQ== \e
+ /home/operator/bin/start_backups
Cmnd_Alias KILL = /usr/bin/kill
Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown
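Review bot: The DUMPS example here also drops the list separator: "/usr/sbin/rrestore\e" should end in ",\e". As written the sha224 digest entry runs on from /usr/sbin/rrestore, which contradicts the Cmnd ',' Cmnd_List rule documented earlier in this file, and readers tend to copy the EXAMPLES section verbatim into sudoers.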
@@ -3540,6 +3577,15 @@ Here, those are commands related to back
printing system, shutting down the system, and any commands in the
directory
.Pa /usr/oper/bin/ .
+Note that one command in the
+.Li DUMPS
+Cmnd_Alias includes a sha224 digest,
+.Pa /home/operator/bin/start_backups .
+This is because the directory containing the script is writable by the
+operator user.
+If the script is modified (resulting in a digest mismatch) it will no longer
+be possible to run it via
+.Nm sudo .
.Bd -literal
joe ALL = /usr/bin/su operator
.Ed