From: Todd C. Miller <Todd.Miller@courtesan.com>
Date: Thu, 20 Jul 2017 22:33:12 +0000 (-0600)
Subject: Add syslog_pid sudoers option to log sudo's process ID when logging
X-Git-Tag: SUDO_1_8_21^2~26
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=d129f306ea88af807878dd93b9ed6c222185382c;p=sudo

Add syslog_pid sudoers option to log sudo's process ID when logging
via syslog.  This is disabled by default to match historic behavior.
---

diff --git a/doc/sudoers.cat b/doc/sudoers.cat
index 887ad7551..bd9750ec1 100644
--- a/doc/sudoers.cat
+++ b/doc/sudoers.cat
@@ -1420,6 +1420,12 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS
                        This setting is only supported by version 1.8.15 or
                        higher.
 
+     syslog_pid        When logging via syslog(3), include the process ID in
+                       the log entry.  This flag is _o_f_f by default.
+
+                       This setting is only supported by version 1.8.21 or
+                       higher.
+
      targetpw          If set, ssuuddoo will prompt for the password of the user
                        specified by the --uu option (defaults to root) instead
                        of the password of the invoking user when running a
@@ -2817,4 +2823,4 @@ DDIISSCCLLAAIIMMEERR
      file distributed with ssuuddoo or https://www.sudo.ws/license.html for
      complete details.
 
-Sudo 1.8.21                      June 3, 2017                      Sudo 1.8.21
+Sudo 1.8.21                      July 20, 2017                     Sudo 1.8.21
diff --git a/doc/sudoers.man.in b/doc/sudoers.man.in
index feccb212b..d5c82704f 100644
--- a/doc/sudoers.man.in
+++ b/doc/sudoers.man.in
@@ -21,7 +21,7 @@
 .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
 .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
 .\"
-.TH "SUDOERS" "5" "June 3, 2017" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
+.TH "SUDOERS" "5" "July 20, 2017" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
 .nh
 .if n .ad l
 .SH "NAME"
@@ -2977,6 +2977,16 @@ by default.
 .sp
 This setting is only supported by version 1.8.15 or higher.
 .TP 18n
+syslog_pid
+When logging via
+syslog(3),
+include the process ID in the log entry.
+This flag is
+\fIoff\fR
+by default.
+.sp
+This setting is only supported by version 1.8.21 or higher.
+.TP 18n
 targetpw
 If set,
 \fBsudo\fR
diff --git a/doc/sudoers.mdoc.in b/doc/sudoers.mdoc.in
index 2fcefcc22..69c1ef974 100644
--- a/doc/sudoers.mdoc.in
+++ b/doc/sudoers.mdoc.in
@@ -19,7 +19,7 @@
 .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
 .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
 .\"
-.Dd June 3, 2017
+.Dd July 20, 2017
 .Dt SUDOERS @mansectform@
 .Os Sudo @PACKAGE_VERSION@
 .Sh NAME
@@ -2797,6 +2797,15 @@ This flag is
 by default.
 .Pp
 This setting is only supported by version 1.8.15 or higher.
+.It syslog_pid
+When logging via
+.Xr syslog 3 ,
+include the process ID in the log entry.
+This flag is
+.Em off
+by default.
+.Pp
+This setting is only supported by version 1.8.21 or higher.
 .It targetpw
 If set,
 .Nm sudo
diff --git a/plugins/sudoers/def_data.c b/plugins/sudoers/def_data.c
index bfbcbdb88..a8bdbef72 100644
--- a/plugins/sudoers/def_data.c
+++ b/plugins/sudoers/def_data.c
@@ -465,6 +465,10 @@ struct sudo_defs_types sudo_defs_table[] = {
 	"iolog_flush", T_FLAG,
 	N_("Flush I/O log data to disk immediately instead of buffering it"),
 	NULL,
+    }, {
+	"syslog_pid", T_FLAG,
+	N_("Include the process ID when logging via syslog"),
+	NULL,
     }, {
 	NULL, 0, NULL
     }
diff --git a/plugins/sudoers/def_data.h b/plugins/sudoers/def_data.h
index 8b06078fd..2df8e7735 100644
--- a/plugins/sudoers/def_data.h
+++ b/plugins/sudoers/def_data.h
@@ -216,6 +216,8 @@
 #define def_user_command_timeouts (sudo_defs_table[I_USER_COMMAND_TIMEOUTS].sd_un.flag)
 #define I_IOLOG_FLUSH           108
 #define def_iolog_flush         (sudo_defs_table[I_IOLOG_FLUSH].sd_un.flag)
+#define I_SYSLOG_PID            109
+#define def_syslog_pid          (sudo_defs_table[I_SYSLOG_PID].sd_un.flag)
 
 enum def_tuple {
 	never,
diff --git a/plugins/sudoers/def_data.in b/plugins/sudoers/def_data.in
index 5bb227f91..a4f499713 100644
--- a/plugins/sudoers/def_data.in
+++ b/plugins/sudoers/def_data.in
@@ -341,3 +341,6 @@ user_command_timeouts
 iolog_flush
 	T_FLAG
 	"Flush I/O log data to disk immediately instead of buffering it"
+syslog_pid
+	T_FLAG
+	"Include the process ID when logging via syslog"
diff --git a/plugins/sudoers/logging.c b/plugins/sudoers/logging.c
index 45cae67b0..7c4dc55bb 100644
--- a/plugins/sudoers/logging.c
+++ b/plugins/sudoers/logging.c
@@ -70,10 +70,11 @@ static char *new_logline(const char *, int);
 static void
 mysyslog(int pri, const char *fmt, ...)
 {
+    const int flags = def_syslog_pid ? LOG_PID : 0;
     va_list ap;
     debug_decl(mysyslog, SUDOERS_DEBUG_LOGGING)
 
-    openlog("sudo", 0, def_syslog);
+    openlog("sudo", flags, def_syslog);
     va_start(ap, fmt);
     vsyslog(pri, fmt, ap);
     va_end(ap);