mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-08-31 22:35:10 +00:00
Code Issues Releases Wiki Activity

Add a new flag "allow_unknown_runas_id" to control matching of unknown IDs.

Browse Source 
Previous, sudo would always allow unknown user or group IDs if the
sudoers entry permitted it.  This included the "ALL" alias.
With this change, the admin must explicitly enable support for unknown IDs.
This commit is contained in:
Todd C. Miller
2019-12-09 17:14:06 -07:00
parent d7b4f88658
commit df8f06609c
7 changed files with 71 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
plugins/sudoers/def_data.h
View File

@@ -242,6 +242,8 @@
#define def_log_server_peer_cert (sudo_defs_table[I_LOG_SERVER_PEER_CERT].sd_un.str)
#define I_LOG_SERVER_PEER_KEY 121
#define def_log_server_peer_key (sudo_defs_table[I_LOG_SERVER_PEER_KEY].sd_un.str)
#define I_RUNAS_ALLOW_UNKNOWN_ID 122
#define def_runas_allow_unknown_id (sudo_defs_table[I_RUNAS_ALLOW_UNKNOWN_ID].sd_un.flag)
enum def_tuple {
never,