Add intercept_allow_setid sudoers option, disabled by default.

With this change, a shell in intercept mode cannot run a setuid or setgid binary by default. On most systems, the dynamic loader will ignore LD_PRELOAD for setuid/setgid binaries such as sudo which would effectively disable intercept mode.
2025-08-31 06:15:37 +00:00 · 2021-08-18 15:43:26 -06:00
parent 53a95e3a50
commit f9d3f46fa7
9 changed files with 130 additions and 39 deletions
--- a/plugins/sudoers/def_data.c
+++ b/plugins/sudoers/def_data.c
@@ -593,6 +593,10 @@ struct sudo_defs_types sudo_defs_table[] = {
 	"intercept_authenticate", T_FLAG,
 	N_("Subsequent commands in an intercepted session must be authenticated"),
 	NULL,
+    }, {
+	"intercept_allow_setid", T_FLAG,
+	N_("Allow an intercepted command to run set setuid or setgid programs"),
+	NULL,
    }, {
 	NULL, 0, NULL
    }