Add syslog_pid sudoers option to log sudo's process ID when logging

via syslog.  This is disabled by default to match historic behavior.

diff --git a/doc/sudoers.cat b/doc/sudoers.cat
index 887ad75516d5b7db7ceff00672d50f91e1982844..bd9750ec153108739b9200f890df7322fa77122e 100644 (file)
--- a/doc/sudoers.cat
+++ b/doc/sudoers.cat
@@ -1420,6 +1420,12 @@ S\bSU\bUD\bDO\bOE\bER\bRS\bS O\bOP\bPT\bTI\bIO\bON\bNS\bS
                        This setting is only supported by version 1.8.15 or
                        higher.
 
+     syslog_pid        When logging via syslog(3), include the process ID in
+                       the log entry.  This flag is _\bo_\bf_\bf by default.
+
+                       This setting is only supported by version 1.8.21 or
+                       higher.
+
      targetpw          If set, s\bsu\bud\bdo\bo will prompt for the password of the user
                        specified by the -\b-u\bu option (defaults to root) instead
                        of the password of the invoking user when running a
@@ -2817,4 +2823,4 @@ D\bDI\bIS\bSC\bCL\bLA\bAI\bIM\bME\bER\bR
      file distributed with s\bsu\bud\bdo\bo or https://www.sudo.ws/license.html for
      complete details.
 
-Sudo 1.8.21                      June 3, 2017                      Sudo 1.8.21
+Sudo 1.8.21                      July 20, 2017                     Sudo 1.8.21

diff --git a/doc/sudoers.man.in b/doc/sudoers.man.in
index feccb212b40ced96e605ed7757886727de4c8b67..d5c82704f90658bc62fbbafd020a0b0b0e5ce467 100644 (file)
--- a/doc/sudoers.man.in
+++ b/doc/sudoers.man.in
@@ -21,7 +21,7 @@
 .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
 .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
 .\"
-.TH "SUDOERS" "5" "June 3, 2017" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
+.TH "SUDOERS" "5" "July 20, 2017" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
 .nh
 .if n .ad l
 .SH "NAME"
@@ -2977,6 +2977,16 @@ by default.
 .sp
 This setting is only supported by version 1.8.15 or higher.
 .TP 18n
+syslog_pid
+When logging via
+syslog(3),
+include the process ID in the log entry.
+This flag is
+\fIoff\fR
+by default.
+.sp
+This setting is only supported by version 1.8.21 or higher.
+.TP 18n
 targetpw
 If set,
 \fBsudo\fR

diff --git a/doc/sudoers.mdoc.in b/doc/sudoers.mdoc.in
index 2fcefcc2231865a45aaea0cf1682d75da6435593..69c1ef9741dc19e6eb3672ac3c3503df94b0b721 100644 (file)
--- a/doc/sudoers.mdoc.in
+++ b/doc/sudoers.mdoc.in
@@ -19,7 +19,7 @@
 .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
 .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
 .\"
-.Dd June 3, 2017
+.Dd July 20, 2017
 .Dt SUDOERS @mansectform@
 .Os Sudo @PACKAGE_VERSION@
 .Sh NAME
@@ -2797,6 +2797,15 @@ This flag is
 by default.
 .Pp
 This setting is only supported by version 1.8.15 or higher.
+.It syslog_pid
+When logging via
+.Xr syslog 3 ,
+include the process ID in the log entry.
+This flag is
+.Em off
+by default.
+.Pp
+This setting is only supported by version 1.8.21 or higher.
 .It targetpw
 If set,
 .Nm sudo

diff --git a/plugins/sudoers/def_data.c b/plugins/sudoers/def_data.c
index bfbcbdb8895cac376ab5d447961b444a76fc0470..a8bdbef72fb40b3810956ed56a98383bce592bef 100644 (file)
--- a/plugins/sudoers/def_data.c
+++ b/plugins/sudoers/def_data.c
@@ -465,6 +465,10 @@ struct sudo_defs_types sudo_defs_table[] = {
        "iolog_flush", T_FLAG,
        N_("Flush I/O log data to disk immediately instead of buffering it"),
        NULL,
+    }, {
+       "syslog_pid", T_FLAG,
+       N_("Include the process ID when logging via syslog"),
+       NULL,
     }, {
        NULL, 0, NULL
     }

diff --git a/plugins/sudoers/def_data.h b/plugins/sudoers/def_data.h
index 8b06078fd0018b6ffcc9fe591f966becd2a4e3b4..2df8e7735748b0c91eae65796a369999d19356f0 100644 (file)
--- a/plugins/sudoers/def_data.h
+++ b/plugins/sudoers/def_data.h
@@ -216,6 +216,8 @@
 #define def_user_command_timeouts (sudo_defs_table[I_USER_COMMAND_TIMEOUTS].sd_un.flag)
 #define I_IOLOG_FLUSH           108
 #define def_iolog_flush         (sudo_defs_table[I_IOLOG_FLUSH].sd_un.flag)
+#define I_SYSLOG_PID            109
+#define def_syslog_pid          (sudo_defs_table[I_SYSLOG_PID].sd_un.flag)
 
 enum def_tuple {
        never,

diff --git a/plugins/sudoers/def_data.in b/plugins/sudoers/def_data.in
index 5bb227f916ae2c5f6bdb404eb5409950273ce85d..a4f499713a10f9a4f88c1bf24850c6e513f829dc 100644 (file)
--- a/plugins/sudoers/def_data.in
+++ b/plugins/sudoers/def_data.in
@@ -341,3 +341,6 @@ user_command_timeouts
 iolog_flush
        T_FLAG
        "Flush I/O log data to disk immediately instead of buffering it"
+syslog_pid
+       T_FLAG
+       "Include the process ID when logging via syslog"

diff --git a/plugins/sudoers/logging.c b/plugins/sudoers/logging.c
index 45cae67b02a90e612428d36a038979ce50f93a14..7c4dc55bb0685b1bf81894b23f8b8d6e48e2e4bd 100644 (file)
--- a/plugins/sudoers/logging.c
+++ b/plugins/sudoers/logging.c
@@ -70,10 +70,11 @@ static char *new_logline(const char *, int);
 static void
 mysyslog(int pri, const char *fmt, ...)
 {
+    const int flags = def_syslog_pid ? LOG_PID : 0;
     va_list ap;
     debug_decl(mysyslog, SUDOERS_DEBUG_LOGGING)
 
-    openlog("sudo", 0, def_syslog);
+    openlog("sudo", flags, def_syslog);
     va_start(ap, fmt);
     vsyslog(pri, fmt, ap);
     va_end(ap);