added USE_TTY_TICKETS

diff --git a/OPTIONS b/OPTIONS
index 2a9402cdb4635be7e1183ca6ac8af87c185df3c6..8e4c8335ac74b518d3b4f7b292fcd549465302c4 100644 (file)
--- a/OPTIONS
+++ b/OPTIONS
@@ -166,6 +166,16 @@ SHELL_IF_NO_ARGS
     in the invoking user's /etc/passwd entry).
     This is off by default.
 
+USE_TTY_TICKETS
+    This makes sudo use a different ticket file for each tty (per user).
+    Ie: instead of the ticket file being "username" it is "username.tty".
+    This offers increased security in an open lab or with "shared"
+    accounts like "operator."  Note that this means that there will
+    be more files in the timestamp dir.  This is not a problem is your
+    system has a cron job to remove of files from /tmp (or wherever
+    you specified the timestamp dir to be).
+    This feature is off by default.
+
 FAST_MATCH
     When matching a given command to a path listed in the sudoers file,
     only check the inodes for a match if the basenames match.

diff --git a/options.h b/options.h
index 48ec96ea69725abb04273f65e054fb442638ad0e..a7acf1944a3a408cb2b9a8d257e9f106d84b4d11 100644 (file)
--- a/options.h
+++ b/options.h
@@ -60,6 +60,7 @@
 /*#define SECURE_PATH  "/bin:/usr/ucb:/usr/bin:/usr/etc:/etc" /* secure path */
 /*#define USE_EXECV            /* use execv() instead of execvp() */
 /*#define SHELL_IF_NO_ARGS     /* if sudo is given no arguments run a shell */
+/*#define USE_TTY_TICKETS      /* have a different ticket file for each tty */
 #define FAST_MATCH             /* command check fails if basenames not same */
 
 /**********  You probably don't want to modify anything below here  ***********/