as sudoers does not specify a shorter time limit.
s\bsu\bud\bdo\bo -\b-l\bl [-\b-A\bAk\bkn\bnS\bS] [-\b-a\ba _\bt_\by_\bp_\be] [-\b-g\bg _\bg_\br_\bo_\bu_\bp] [-\b-h\bh _\bh_\bo_\bs_\bt] [-\b-p\bp _\bp_\br_\bo_\bm_\bp_\bt] [-\b-U\bU _\bu_\bs_\be_\br]
[-\b-u\bu _\bu_\bs_\be_\br] [_\bc_\bo_\bm_\bm_\ba_\bn_\bd]
s\bsu\bud\bdo\bo [-\b-A\bAb\bbE\bEH\bHn\bnP\bPS\bS] [-\b-a\ba _\bt_\by_\bp_\be] [-\b-C\bC _\bn_\bu_\bm] [-\b-c\bc _\bc_\bl_\ba_\bs_\bs] [-\b-g\bg _\bg_\br_\bo_\bu_\bp] [-\b-h\bh _\bh_\bo_\bs_\bt]
- [-\b-p\bp _\bp_\br_\bo_\bm_\bp_\bt] [-\b-r\br _\br_\bo_\bl_\be] [-\b-t\bt _\bt_\by_\bp_\be] [-\b-u\bu _\bu_\bs_\be_\br] [_\bV_\bA_\bR=_\bv_\ba_\bl_\bu_\be] [-\b-i\bi | -\b-s\bs]
- [_\bc_\bo_\bm_\bm_\ba_\bn_\bd]
+ [-\b-p\bp _\bp_\br_\bo_\bm_\bp_\bt] [-\b-r\br _\br_\bo_\bl_\be] [-\b-t\bt _\bt_\by_\bp_\be] [-\b-T\bT _\bt_\bi_\bm_\be_\bo_\bu_\bt] [-\b-u\bu _\bu_\bs_\be_\br] [_\bV_\bA_\bR=_\bv_\ba_\bl_\bu_\be]
+ [-\b-i\bi | -\b-s\bs] [_\bc_\bo_\bm_\bm_\ba_\bn_\bd]
s\bsu\bud\bdo\boe\bed\bdi\bit\bt [-\b-A\bAk\bkn\bnS\bS] [-\b-a\ba _\bt_\by_\bp_\be] [-\b-C\bC _\bn_\bu_\bm] [-\b-c\bc _\bc_\bl_\ba_\bs_\bs] [-\b-g\bg _\bg_\br_\bo_\bu_\bp] [-\b-h\bh _\bh_\bo_\bs_\bt]
- [-\b-p\bp _\bp_\br_\bo_\bm_\bp_\bt] [-\b-u\bu _\bu_\bs_\be_\br] _\bf_\bi_\bl_\be _\b._\b._\b.
+ [-\b-p\bp _\bp_\br_\bo_\bm_\bp_\bt] [-\b-T\bT _\bt_\bi_\bm_\be_\bo_\bu_\bt] [-\b-u\bu _\bu_\bs_\be_\br] _\bf_\bi_\bl_\be _\b._\b._\b.
D\bDE\bES\bSC\bCR\bRI\bIP\bPT\bTI\bIO\bON\bN
s\bsu\bud\bdo\bo allows a permitted user to execute a _\bc_\bo_\bm_\bm_\ba_\bn_\bd as the superuser or
_\bs_\bu_\bd_\bo_\be_\br_\bs policy only allows root or a user with the ALL
privilege on the current host to use this option.
+ -\b-T\bT _\bt_\bi_\bm_\be_\bo_\bu_\bt, -\b--\b-c\bco\bom\bmm\bma\ban\bnd\bd-\b-t\bti\bim\bme\beo\bou\but\bt=_\bt_\bi_\bm_\be_\bo_\bu_\bt
+ Used to set a timeout for the command. If the timeout
+ expires before the command has exited, the command will be
+ terminated. The security policy may restrict the ability to
+ set command timeouts. The _\bs_\bu_\bd_\bo_\be_\br_\bs policy requires that user-
+ specified timeouts be explicitly enabled.
+
-\b-u\bu _\bu_\bs_\be_\br, -\b--\b-u\bus\bse\ber\br=_\bu_\bs_\be_\br
Run the command as a user other than the default target user
(usually _\br_\bo_\bo_\bt). The _\bu_\bs_\be_\br may be either a user name or a
file distributed with s\bsu\bud\bdo\bo or https://www.sudo.ws/license.html for
complete details.
-Sudo 1.8.19 January 19, 2016 Sudo 1.8.19
+Sudo 1.8.20 February 16, 2017 Sudo 1.8.20
.\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER!
.\" IT IS GENERATED AUTOMATICALLY FROM sudo.mdoc.in
.\"
-.\" Copyright (c) 1994-1996, 1998-2005, 2007-2016
+.\" Copyright (c) 1994-1996, 1998-2005, 2007-2017
.\" Todd C. Miller <Todd.Miller@courtesan.com>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
-.TH "SUDO" "8" "January 19, 2016" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
+.TH "SUDO" "8" "February 16, 2017" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
.nh
.if n .ad l
.SH "NAME"
[\fB\-p\fR\ \fIprompt\fR]
[\fB\-r\fR\ \fIrole\fR]
[\fB\-t\fR\ \fItype\fR]
+[\fB\-T\fR\ \fItimeout\fR]
[\fB\-u\fR\ \fIuser\fR]
[\fIVAR\fR=\fIvalue\fR]
[\fB\-i\fR\ |\ \fB\-s\fR]
[\fB\-g\fR\ \fIgroup\fR]
[\fB\-h\fR\ \fIhost\fR]
[\fB\-p\fR\ \fIprompt\fR]
+[\fB\-T\fR\ \fItimeout\fR]
[\fB\-u\fR\ \fIuser\fR]
\fIfile\ ...\fR
.PD
\fRALL\fR
privilege on the current host to use this option.
.TP 12n
+\fB\-T\fR \fItimeout\fR, \fB\--command-timeout\fR=\fItimeout\fR
+Used to set a timeout for the command.
+If the timeout expires before the command has exited, the
+command will be terminated.
+The security policy may restrict the ability to set command timeouts.
+The
+\fIsudoers\fR
+policy requires that user-specified timeouts be explicitly enabled.
+.TP 12n
\fB\-u\fR \fIuser\fR, \fB\--user\fR=\fIuser\fR
Run the command as a user other than the default target user
(usually
.\"
-.\" Copyright (c) 1994-1996, 1998-2005, 2007-2016
+.\" Copyright (c) 1994-1996, 1998-2005, 2007-2017
.\" Todd C. Miller <Todd.Miller@courtesan.com>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
-.Dd January 19, 2016
+.Dd February 16, 2017
.Dt SUDO @mansectsu@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
.Op Fl p Ar prompt
.Op Fl r Ar role
.Op Fl t Ar type
+.Op Fl T Ar timeout
.Op Fl u Ar user
.Op Ar VAR Ns = Ns Ar value
.Op Fl i | s
.Op Fl g Ar group
.Op Fl h Ar host
.Op Fl p Ar prompt
+.Op Fl T Ar timeout
.Op Fl u Ar user
.Ar
.Sh DESCRIPTION
policy only allows root or a user with the
.Li ALL
privilege on the current host to use this option.
+.It Fl T Ar timeout , Fl -command-timeout Ns = Ns Ar timeout
+Used to set a timeout for the command.
+If the timeout expires before the command has exited, the
+command will be terminated.
+The security policy may restrict the ability to set command timeouts.
+The
+.Em sudoers
+policy requires that user-specified timeouts be explicitly enabled.
.It Fl u Ar user , Fl -user Ns = Ns Ar user
Run the command as a user other than the default target user
(usually
this option will make that impossible. This flag is
_\bo_\bf_\bf by default.
+ user_command_timeouts
+ If set, the user may specify a timeout on the command
+ line. If the timeout expires before the command has
+ exited, the command will be terminated. If a timeout
+ is specified both in the _\bs_\bu_\bd_\bo_\be_\br_\bs file and on the
+ command line, the smaller of the two timeouts will be
+ used. See the Timeout_Spec section for a description
+ of the timeout syntax. This flag is _\bo_\bf_\bf by default.
+
+ This setting is only supported by version 1.8.20 or
+ higher.
+
utmp_runas If set, s\bsu\bud\bdo\bo will store the name of the runas user when
updating the utmp (or utmpx) file. By default, s\bsu\bud\bdo\bo
stores the name of the invoking user. This flag is _\bo_\bf_\bf
file distributed with s\bsu\bud\bdo\bo or https://www.sudo.ws/license.html for
complete details.
-Sudo 1.8.20 February 14, 2017 Sudo 1.8.20
+Sudo 1.8.20 February 16, 2017 Sudo 1.8.20
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
-.TH "SUDOERS" "5" "February 14, 2017" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
+.TH "SUDOERS" "5" "February 16, 2017" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.nh
.if n .ad l
.SH "NAME"
\fIoff\fR
by default.
.TP 18n
+user_command_timeouts
+If set, the user may specify a timeout on the command line.
+If the timeout expires before the command has exited, the
+command will be terminated.
+If a timeout is specified both in the
+\fIsudoers\fR
+file and on the command line, the smaller of the two timeouts will be used.
+See the
+\fRTimeout_Spec\fR
+section for a description of the timeout syntax.
+This flag is
+\fIoff\fR
+by default.
+.sp
+This setting is only supported by version 1.8.20 or higher.
+.TP 18n
utmp_runas
If set,
\fBsudo\fR
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
-.Dd February 14, 2017
+.Dd February 16, 2017
.Dt SUDOERS @mansectform@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
This flag is
.Em off
by default.
+.It user_command_timeouts
+If set, the user may specify a timeout on the command line.
+If the timeout expires before the command has exited, the
+command will be terminated.
+If a timeout is specified both in the
+.Pa sudoers
+file and on the command line, the smaller of the two timeouts will be used.
+See the
+.Li Timeout_Spec
+section for a description of the timeout syntax.
+This flag is
+.Em off
+by default.
+.Pp
+This setting is only supported by version 1.8.20 or higher.
.It utmp_runas
If set,
.Nm sudo
"command_timeout", T_TIMEOUT|T_BOOL,
N_("Time in seconds after which the command will be terminated: %u"),
NULL,
+ }, {
+ "user_command_timeouts", T_FLAG,
+ N_("Allow the user to specify a timeout on the command line"),
+ NULL,
}, {
NULL, 0, NULL
}
#define def_ignore_unknown_defaults (sudo_defs_table[I_IGNORE_UNKNOWN_DEFAULTS].sd_un.flag)
#define I_COMMAND_TIMEOUT 105
#define def_command_timeout (sudo_defs_table[I_COMMAND_TIMEOUT].sd_un.ival)
+#define I_USER_COMMAND_TIMEOUTS 106
+#define def_user_command_timeouts (sudo_defs_table[I_USER_COMMAND_TIMEOUTS].sd_un.flag)
enum def_tuple {
never,
command_timeout
T_TIMEOUT|T_BOOL
"Time in seconds after which the command will be terminated: %u"
+user_command_timeouts
+ T_FLAG
+ "Allow the user to specify a timeout on the command line"
#include "sudoers.h"
#include "sudoers_version.h"
#include "interfaces.h"
+#include "parse.h" /* for parse_timeout() */
/*
* Info passed in from the sudo front-end.
remhost = *cur + sizeof("remote_host=") - 1;
continue;
}
+ if (MATCHES(*cur, "timeout=")) {
+ p = *cur + sizeof("timeout=") - 1;
+ user_timeout = parse_timeout(p);
+ if (user_timeout == -1) {
+ if (errno == ERANGE)
+ sudo_warnx(U_("%s: %s"), p, U_("timeout value too large"));
+ else
+ sudo_warnx(U_("%s: %s"), p, U_("invalid timeout value"));
+ goto bad;
+ }
+ continue;
+ }
#ifdef ENABLE_SUDO_PLUGIN_API
if (MATCHES(*cur, "plugin_dir=")) {
path_plugin_dir = *cur + sizeof("plugin_dir=") - 1;
if ((command_info[info_len++] = sudo_new_key_val("iolog_group", def_iolog_group)) == NULL)
goto oom;
}
- if (def_command_timeout != 0) {
- if (asprintf(&command_info[info_len++], "timeout=%u", def_command_timeout) == -1)
+ if (def_command_timeout > 0 || user_timeout > 0) {
+ int timeout = def_command_timeout;
+ if (timeout <= 0 || user_timeout < timeout)
+ timeout = user_timeout;
+ if (asprintf(&command_info[info_len++], "timeout=%u", timeout) == -1)
goto oom;
}
if (cmnd_umask != ACCESSPERMS) {
goto bad;
}
+ /* If user specified a timeout make sure sudoers allows it. */
+ if (!def_user_command_timeouts && user_timeout > 0) {
+ /* XXX - audit/log? */
+ sudo_warnx(U_("sorry, you are not allowed set a command timeout"));
+ goto bad;
+ }
+
/* If user specified env vars make sure sudoers allows it. */
if (ISSET(sudo_mode, MODE_RUN) && !def_setenv) {
if (ISSET(sudo_mode, MODE_PRESERVE_ENV)) {
- /* XXX - audit? */
+ /* XXX - audit/log? */
sudo_warnx(U_("sorry, you are not allowed to preserve the environment"));
goto bad;
} else {
int cols;
int flags;
int max_groups;
+ int timeout;
mode_t umask;
uid_t uid;
uid_t gid;
#define user_closefrom (sudo_user.closefrom)
#define runas_privs (sudo_user.privs)
#define runas_limitprivs (sudo_user.limitprivs)
+#define user_timeout (sudo_user.timeout)
#ifdef __TANDEM
# define ROOT_UID 65535
/*
- * Copyright (c) 1993-1996, 1998-2015 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 1993-1996, 1998-2017 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
{ "plugin_dir" },
#define ARG_REMOTE_HOST 21
{ "remote_host" },
-#define NUM_SETTINGS 22
+#define ARG_TIMEOUT 22
+ { "timeout" },
+#define NUM_SETTINGS 23
{ NULL }
};
* Note that we must disable arg permutation to support setting environment
* variables and to better support the optional arg of the -h flag.
*/
-static const char short_opts[] = "+Aa:bC:c:D:Eeg:Hh::iKklnPp:r:Sst:U:u:Vv";
+static const char short_opts[] = "+Aa:bC:c:D:Eeg:Hh::iKklnPp:r:SsT:t:U:u:Vv";
static struct option long_opts[] = {
{ "askpass", no_argument, NULL, 'A' },
{ "auth-type", required_argument, NULL, 'a' },
{ "stdin", no_argument, NULL, 'S' },
{ "shell", no_argument, NULL, 's' },
{ "type", required_argument, NULL, 't' },
+ { "command-timeout",required_argument, NULL, 'T' },
{ "other-user", required_argument, NULL, 'U' },
{ "user", required_argument, NULL, 'u' },
{ "version", no_argument, NULL, 'V' },
sudo_settings[ARG_SELINUX_TYPE].value = optarg;
break;
#endif
+ case 'T':
+ sudo_settings[ARG_TIMEOUT].value = optarg;
+ break;
case 'S':
SET(tgetpass_flags, TGP_STDIN);
break;
help(void)
{
struct sudo_lbuf lbuf;
- const int indent = 30;
+ const int indent = 32;
const char *pname = getprogname();
debug_decl(help, SUDO_DEBUG_ARGS)
usage(0);
sudo_lbuf_append(&lbuf, _("\nOptions:\n"));
- sudo_lbuf_append(&lbuf, " -A, --askpass %s\n",
+ sudo_lbuf_append(&lbuf, " -A, --askpass %s\n",
_("use a helper program for password prompting"));
#ifdef HAVE_BSD_AUTH_H
- sudo_lbuf_append(&lbuf, " -a, --auth-type=type %s\n",
+ sudo_lbuf_append(&lbuf, " -a, --auth-type=type %s\n",
_("use specified BSD authentication type"));
#endif
- sudo_lbuf_append(&lbuf, " -b, --background %s\n",
+ sudo_lbuf_append(&lbuf, " -b, --background %s\n",
_("run command in the background"));
- sudo_lbuf_append(&lbuf, " -C, --close-from=num %s\n",
+ sudo_lbuf_append(&lbuf, " -C, --close-from=num %s\n",
_("close all file descriptors >= num"));
#ifdef HAVE_LOGIN_CAP_H
- sudo_lbuf_append(&lbuf, " -c, --login-class=class %s\n",
+ sudo_lbuf_append(&lbuf, " -c, --login-class=class %s\n",
_("run command with the specified BSD login class"));
#endif
- sudo_lbuf_append(&lbuf, " -E, --preserve-env %s\n",
+ sudo_lbuf_append(&lbuf, " -E, --preserve-env %s\n",
_("preserve user environment when running command"));
- sudo_lbuf_append(&lbuf, " -e, --edit %s\n",
+ sudo_lbuf_append(&lbuf, " -e, --edit %s\n",
_("edit files instead of running a command"));
- sudo_lbuf_append(&lbuf, " -g, --group=group %s\n",
+ sudo_lbuf_append(&lbuf, " -g, --group=group %s\n",
_("run command as the specified group name or ID"));
- sudo_lbuf_append(&lbuf, " -H, --set-home %s\n",
+ sudo_lbuf_append(&lbuf, " -H, --set-home %s\n",
_("set HOME variable to target user's home dir"));
- sudo_lbuf_append(&lbuf, " -h, --help %s\n",
+ sudo_lbuf_append(&lbuf, " -h, --help %s\n",
_("display help message and exit"));
- sudo_lbuf_append(&lbuf, " -h, --host=host %s\n",
+ sudo_lbuf_append(&lbuf, " -h, --host=host %s\n",
_("run command on host (if supported by plugin)"));
- sudo_lbuf_append(&lbuf, " -i, --login %s\n",
+ sudo_lbuf_append(&lbuf, " -i, --login %s\n",
_("run login shell as the target user; a command may also be specified"));
- sudo_lbuf_append(&lbuf, " -K, --remove-timestamp %s\n",
+ sudo_lbuf_append(&lbuf, " -K, --remove-timestamp %s\n",
_("remove timestamp file completely"));
- sudo_lbuf_append(&lbuf, " -k, --reset-timestamp %s\n",
+ sudo_lbuf_append(&lbuf, " -k, --reset-timestamp %s\n",
_("invalidate timestamp file"));
- sudo_lbuf_append(&lbuf, " -l, --list %s\n",
+ sudo_lbuf_append(&lbuf, " -l, --list %s\n",
_("list user's privileges or check a specific command; use twice for longer format"));
- sudo_lbuf_append(&lbuf, " -n, --non-interactive %s\n",
+ sudo_lbuf_append(&lbuf, " -n, --non-interactive %s\n",
_("non-interactive mode, no prompts are used"));
- sudo_lbuf_append(&lbuf, " -P, --preserve-groups %s\n",
+ sudo_lbuf_append(&lbuf, " -P, --preserve-groups %s\n",
_("preserve group vector instead of setting to target's"));
- sudo_lbuf_append(&lbuf, " -p, --prompt=prompt %s\n",
+ sudo_lbuf_append(&lbuf, " -p, --prompt=prompt %s\n",
_("use the specified password prompt"));
#ifdef HAVE_SELINUX
- sudo_lbuf_append(&lbuf, " -r, --role=role %s\n",
+ sudo_lbuf_append(&lbuf, " -r, --role=role %s\n",
_("create SELinux security context with specified role"));
#endif
- sudo_lbuf_append(&lbuf, " -S, --stdin %s\n",
+ sudo_lbuf_append(&lbuf, " -S, --stdin %s\n",
_("read password from standard input"));
- sudo_lbuf_append(&lbuf, " -s, --shell %s\n",
+ sudo_lbuf_append(&lbuf, " -s, --shell %s\n",
_("run shell as the target user; a command may also be specified"));
#ifdef HAVE_SELINUX
- sudo_lbuf_append(&lbuf, " -t, --type=type %s\n",
+ sudo_lbuf_append(&lbuf, " -t, --type=type %s\n",
_("create SELinux security context with specified type"));
#endif
- sudo_lbuf_append(&lbuf, " -U, --other-user=user %s\n",
+ sudo_lbuf_append(&lbuf, " -T, --command-timeout=timeout %s\n",
+ _("terminate command after the specified time limit"));
+ sudo_lbuf_append(&lbuf, " -U, --other-user=user %s\n",
_("in list mode, display privileges for user"));
- sudo_lbuf_append(&lbuf, " -u, --user=user %s\n",
+ sudo_lbuf_append(&lbuf, " -u, --user=user %s\n",
_("run command (or edit file) as specified user name or ID"));
- sudo_lbuf_append(&lbuf, " -V, --version %s\n",
+ sudo_lbuf_append(&lbuf, " -V, --version %s\n",
_("display version information and exit"));
- sudo_lbuf_append(&lbuf, " -v, --validate %s\n",
+ sudo_lbuf_append(&lbuf, " -v, --validate %s\n",
_("update user's timestamp without running a command"));
- sudo_lbuf_append(&lbuf, " -- %s\n",
+ sudo_lbuf_append(&lbuf, " -- %s\n",
_("stop processing command line arguments"));
sudo_lbuf_print(&lbuf);
sudo_lbuf_destroy(&lbuf);
/*
- * Copyright (c) 2007-2010, 2013 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2007-2010, 2013, 2015, 2017
+ * Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#define SUDO_USAGE1 " -h | -K | -k | -V"
#define SUDO_USAGE2 " -v [-AknS] @BSDAUTH_USAGE@[-g group] [-h host] [-p prompt] [-u user]"
#define SUDO_USAGE3 " -l [-AknS] @BSDAUTH_USAGE@[-g group] [-h host] [-p prompt] [-U user] [-u user] [command]"
-#define SUDO_USAGE4 " [-AbEHknPS] @BSDAUTH_USAGE@@SELINUX_USAGE@[-C num] @LOGINCAP_USAGE@[-g group] [-h host] [-p prompt] [-u user] [VAR=value] [-i|-s] [<command>]"
-#define SUDO_USAGE5 " -e [-AknS] @BSDAUTH_USAGE@@SELINUX_USAGE@[-C num] @LOGINCAP_USAGE@[-g group] [-h host] [-p prompt] [-u user] file ..."
+#define SUDO_USAGE4 " [-AbEHknPS] @BSDAUTH_USAGE@@SELINUX_USAGE@[-C num] @LOGINCAP_USAGE@[-g group] [-h host] [-p prompt] [-T timeout] [-u user] [VAR=value] [-i|-s] [<command>]"
+#define SUDO_USAGE5 " -e [-AknS] @BSDAUTH_USAGE@@SELINUX_USAGE@[-C num] @LOGINCAP_USAGE@[-g group] [-h host] [-p prompt] [-T timeout] [-u user] file ..."
/*
* Configure script arguments used to build sudo.
projects / sudo / commitdiff