version 1.1, 2012/02/21 16:23:01
|
version 1.1.1.6, 2014/06/15 16:12:53
|
Line 1
|
Line 1
|
|
What's new in Sudo 1.8.10p3? |
|
|
|
* Fixed expansion of %p in the prompt for "sudo -l" when rootpw, |
|
runaspw or targetpw is set. Bug #639 |
|
|
|
* Fixed matching of uids and gids which was broken in version 1.8.9. |
|
Bug #640 |
|
|
|
* PAM credential initialization has been re-enabled. It was |
|
unintentionally disabled by default in version 1.8.8. The way |
|
credentials are initialized has also been fixed. Bug #642. |
|
|
|
* Fixed a descriptor leak on Linux when determing boot time. Sudo |
|
normally closes extra descriptors before running a command so |
|
the impact is limited. Bug #645 |
|
|
|
* Fixed flushing of the last buffer of data when I/O logging is |
|
enabled. This bug, introduced in version 1.8.9, could cause |
|
incomplete command output on some systems. Bug #646 |
|
|
|
What's new in Sudo 1.8.10p2? |
|
|
|
* Fixed a hang introduced in sudo 1.8.10 when timestamp_timeout |
|
is set to zero. |
|
|
|
What's new in Sudo 1.8.10p1? |
|
|
|
* Fixed a bug introduced in sudo 1.8.10 that prevented the disabling |
|
of tty-based tickets. |
|
|
|
* Fixed a bug with netgated commands in "sudo -l command" that |
|
could cause the command to be listed even when it was explicitly |
|
denied. This only affected list mode when a command was specified. |
|
Bug #636 |
|
|
|
What's new in Sudo 1.8.10? |
|
|
|
* It is now possible to disable network interface probing in |
|
sudo.conf by changing the value of the probe_interfaces |
|
setting. |
|
|
|
* When listing a user's privileges (sudo -l), the sudoers plugin |
|
will now prompt for the user's password even if the targetpw, |
|
rootpw or runaspw options are set. |
|
|
|
* The sudoers plugin uses a new format for its time stamp files. |
|
Each user now has a single file which may contain multiple records |
|
when per-tty time stamps are in use (the default). The time |
|
stamps use a monotonic timer where available and are once again |
|
located in a directory under /var/run. The lecture status is |
|
now stored separately from the time stamps in a different directory. |
|
Bug #616 |
|
|
|
* sudo's -K option will now remove all of the user's time stamps, |
|
not just the time stamp for the current terminal. The -k option |
|
can be used to only disable time stamps for the current terminal. |
|
|
|
* If sudo was started in the background and needed to prompt for |
|
a password, it was not possible to suspend it at the password |
|
prompt. This now works properly. |
|
|
|
* LDAP-based sudoers now uses a default search filter of |
|
(objectClass=sudoRole) for more efficient queries. The netgroup |
|
query has been modified to avoid falling below the minimum length |
|
for OpenLDAP substring indices. |
|
|
|
* The new "use_netgroups" sudoers option can be used to explicitly |
|
enable or disable netgroups support. For LDAP-based sudoers, |
|
netgroup support requires an expensive substring match on the |
|
server. If netgroups are not needed, this option can be disabled |
|
to reduce the load on the LDAP server. |
|
|
|
* Sudo is once again able to open the sudoers file when the group |
|
on sudoers doesn't match the expected value, so long as the file |
|
is not group writable. |
|
|
|
* Sudo now installs an init.d script to clear the time stamp |
|
directory at boot time on AIX and HP-UX systems. These systems |
|
either lack /var/run or do not clear it on boot. |
|
|
|
* The JSON format used by "visudo -x" now properly supports the |
|
negation operator. In addition, the Options object is now the |
|
same for both Defaults and Cmnd_Specs. |
|
|
|
* Czech and Serbian translations for sudoers from translationproject.org. |
|
|
|
* Catalan translation for sudo from translationproject.org. |
|
|
|
What's new in Sudo 1.8.9p5? |
|
|
|
* Fixed a compilation error on AIX when LDAP support is enabled. |
|
|
|
* Fixed parsing of the "umask" defaults setting in sudoers. Bug #632. |
|
|
|
* Fixed a failed assertion when the "closefrom_override" defaults |
|
setting is enabled in sudoers and sudo's -C flag is used. Bug #633. |
|
|
|
What's new in Sudo 1.8.9p4? |
|
|
|
* Fixed a bug where sudo could consume large amounts of CPU while |
|
the command was running when I/O logging is not enabled. Bug #631 |
|
|
|
* Fixed a bug where sudo would exit with an error when the debug |
|
level is set to util@debug or all@debug and I/O logging is not |
|
enabled. The command would continue runnning after sudo exited. |
|
|
|
What's new in Sudo 1.8.9p3? |
|
|
|
* Fixed a bug introduced in sudo 1.8.9 that prevented the tty name |
|
from being resolved properly on Linux systems. Bug #630. |
|
|
|
What's new in Sudo 1.8.9p2? |
|
|
|
* Updated config.guess, config.sub and libtool to support the ppc64le |
|
architecture (IBM PowerPC Little Endian). |
|
|
|
What's new in Sudo 1.8.9p1? |
|
|
|
* Fixed a problem with gcc 4.8's handling of bit fields that could |
|
lead to the noexec flag being enabled even when it was not |
|
explicitly set. |
|
|
|
What's new in Sudo 1.8.9? |
|
|
|
* Reworked sudo's main event loop to use a simple event subsystem |
|
using poll(2) or select(2) as the back end. |
|
|
|
* It is now possible to statically compile the sudoers plugin into |
|
the sudo binary without disabling shared library support. The |
|
sudo.conf file may still be used to configure other plugins. |
|
|
|
* Sudo can now be compiled again with a C preprocessor that does |
|
not support variadic macros. |
|
|
|
* Visudo can now export a sudoers file in JSON format using the |
|
new -x flag. |
|
|
|
* The locale is now set correctly again for visudo and sudoreplay. |
|
|
|
* The plugin API has been extended to allow the plugin to exclude |
|
specific file descriptors from the "closefrom" range. |
|
|
|
* There is now a workaround for a Solaris-specific problem where |
|
NOEXEC was overriding traditional root DAC behavior. |
|
|
|
* Add user netgroup filtering for SSSD. Previously, rules for |
|
a netgroup were applied to all even when they did not belong |
|
to the specified netgroup. |
|
|
|
* On systems with BSD login classes, if the user specified a group |
|
(not a user) to run the command as, it was possible to specify |
|
a different login class even when the command was not run as the |
|
super user. |
|
|
|
* The closefrom() emulation on Mac OS X now uses /dev/fd if possible. |
|
|
|
* Fixed a bug where sudoedit would not update the original file |
|
from the temporary when PAM or I/O logging is not enabled. |
|
|
|
* When recycling I/O logs, the log files are now truncated properly. |
|
|
|
* Fixes bugs #617, #621, #622, #623, #624, #625, #626 |
|
|
|
What's new in Sudo 1.8.8? |
|
|
|
* Removed a warning on PAM systems with stacked auth modules |
|
where the first module on the stack does not succeed. |
|
|
|
* Sudo, sudoreplay and visudo now support GNU-style long options. |
|
|
|
* The -h (--host) option may now be used to specify a host name. |
|
This is currently only used by the sudoers plugin in conjunction |
|
with the -l (--list) option. |
|
|
|
* Program usage messages and manual SYNOPSIS sections have been |
|
simplified. |
|
|
|
* Sudo's LDAP SASL support now works properly with Kerberos. |
|
Previously, the SASL library was unable to locate the user's |
|
credential cache. |
|
|
|
* It is now possible to set the nproc resource limit to unlimited |
|
via pam_limits on Linux (bug #565). |
|
|
|
* New "pam_service" and "pam_login_service" sudoers options |
|
that can be used to specify the PAM service name to use. |
|
|
|
* New "pam_session" and "pam_setcred" sudoers options that |
|
can be used to disable PAM session and credential support. |
|
|
|
* The sudoers plugin now properly supports UIDs and GIDs |
|
that are larger than 0x7fffffff on 32-bit platforms. |
|
|
|
* Fixed a visudo bug introduced in sudo 1.8.7 where per-group |
|
Defaults entries would cause an internal error. |
|
|
|
* If the "tty_tickets" sudoers option is enabled (the default), |
|
but there is no tty present, sudo will now use a ticket file |
|
based on the parent process ID. This makes it possible to support |
|
the normal timeout behavior for the session. |
|
|
|
* Fixed a problem running commands that change their process |
|
group and then attempt to change the terminal settings when not |
|
running the command in a pseudo-terminal. Previously, the process |
|
would receive SIGTTOU since it was effectively a background |
|
process. Sudo will now grant the child the controlling tty and |
|
continue it when this happens. |
|
|
|
* The "closefrom_override" sudoers option may now be used in |
|
a command-specified Defaults entry (bug #610). |
|
|
|
* Sudo's BSM audit support now works on Solaris 11. |
|
|
|
* Brazilian Portuguese translation for sudo and sudoers from |
|
translationproject.org. |
|
|
|
* Czech translation for sudo from translationproject.org. |
|
|
|
* French translation for sudo from translationproject.org. |
|
|
|
* Sudo's noexec support on Mac OS X 10.4 and above now uses dynamic |
|
symbol interposition instead of setting DYLD_FORCE_FLAT_NAMESPACE=1 |
|
which causes issues with some programs. |
|
|
|
* Fixed visudo's -q (--quiet) flag, broken in sudo 1.8.6. |
|
|
|
* Root may no longer change its SELinux role without entering |
|
a password. |
|
|
|
* Fixed a bug introduced in Sudo 1.8.7 where the indexes written |
|
to the I/O log timing file are two greater than they should be. |
|
Sudoreplay now contains a work-around to parse those files. |
|
|
|
* In sudoreplay's list mode, the "this" qualifier in "fromdate" |
|
or "todate" expressions now behaves more sensibly. Previously, |
|
it would often match a date that was "one more" than expected. |
|
For example, "this week" now matches the current week instead |
|
of the following week. |
|
|
|
What's new in Sudo 1.8.7? |
|
|
|
* The non-Unix group plugin is now supported when sudoers data |
|
is stored in LDAP. |
|
|
|
* Sudo now uses a workaround for a locale bug on Solaris 11.0 |
|
that prevents setuid programs like sudo from fully using locales. |
|
|
|
* User messages are now always displayed in the user's locale, |
|
even when the same message is being logged or mailed in a |
|
different locale. |
|
|
|
* Log files created by sudo now explicitly have the group set |
|
to group ID 0 rather than relying on BSD group semantics (which |
|
may not be the default). |
|
|
|
* A new "exec_background" sudoers option can be used to initially |
|
run the command without read access to the terminal when running |
|
a command in a pseudo-tty. If the command tries to read from |
|
the terminal it will be stopped by the kernel (via SIGTTIN or |
|
SIGTTOU) and sudo will immediately restart it as the foreground |
|
process (if possible). This allows sudo to only pass terminal |
|
input to the program if the program actually is expecting it. |
|
Unfortunately, a few poorly-behaved programs (like "su" on most |
|
Linux systems) do not handle SIGTTIN and SIGTTOU properly. |
|
|
|
* Sudo now uses an efficient group query to get all the groups |
|
for a user instead of iterating over every record in the group |
|
database on HP-UX and Solaris. |
|
|
|
* Sudo now produces better error messages when there is an error |
|
in the sudo.conf file. |
|
|
|
* Two new settings have been added to sudo.conf to give the admin |
|
better control of how group database queries are performed. The |
|
"group_source" specifies how the group list for a user will be |
|
determined. Legal values are "static" (use the kernel groups |
|
list), "dynamic" (perform a group database query) and "adaptive" |
|
(only perform a group database query if the kernel list is full). |
|
The "max_groups" setting specifies the maximum number of groups |
|
a user may belong to when performing a group database query. |
|
|
|
* The sudo.conf file now supports line continuation by using a |
|
backslash as the last character on the line. |
|
|
|
* There is now a standalone sudo.conf manual page. |
|
|
|
* Sudo now stores its libexec files in a "sudo" sub-directory instead |
|
of in libexec itself. For backwards compatibility, if the plugin |
|
is not found in the default plugin directory, sudo will check |
|
the parent directory if the default directory ends in "/sudo". |
|
|
|
* The sudoers I/O logging plugin now logs the terminal size. |
|
|
|
* A new sudoers option "maxseq" can be used to limit the number of |
|
I/O log entries that are stored. |
|
|
|
* The "system_group" and "group_file" sudoers group provider plugins |
|
are now installed by default. |
|
|
|
* The list output (sudo -l) output from the sudoers plugin is now |
|
less ambiguous when an entry includes different runas users. |
|
The long list output (sudo -ll) for file-based sudoers is now |
|
more consistent with the format of LDAP-based sudoers. |
|
|
|
* A uid may now be used in the sudoRunAsUser attributes for LDAP |
|
sudoers. |
|
|
|
* Minor plugin API change: the close and version functions are now |
|
optional. If the policy plugin does not provide a close function |
|
and the command is not being run in a new pseudo-tty, sudo may |
|
now execute the command directly instead of in a child process. |
|
|
|
* A new sudoers option "pam_session" can be used to disable sudo's |
|
PAM session support. |
|
|
|
* On HP-UX systems, sudo will now use the pstat() function to |
|
determine the tty instead of ttyname(). |
|
|
|
* Turkish translation for sudo and sudoers from translationproject.org. |
|
|
|
* Dutch translation for sudo and sudoers from translationproject.org. |
|
|
|
* Tivoli Directory Server client libraries may now be used with |
|
HP-UX where libibmldap has a hidden dependency on libCsup. |
|
|
|
* The sudoers plugin will now ignore invalid domain names when |
|
checking netgroup membership. Most Linux systems use the string |
|
"(none)" for the NIS-style domain name instead of an empty string. |
|
|
|
* New support for specifying a SHA-2 digest along with the command |
|
in sudoers. Supported hash types are sha224, sha256, sha384 and |
|
sha512. See the description of Digest_Spec in the sudoers manual |
|
or the description of sudoCommand in the sudoers.ldap manual for |
|
details. |
|
|
|
* The paths to ldap.conf and ldap.secret may now be specified as |
|
arguments to the sudoers plugin in the sudo.conf file. |
|
|
|
* Fixed potential false positives in visudo's alias cycle detection. |
|
|
|
* Fixed a problem where the time stamp file was being treated |
|
as out of date on Linux systems where the change time on the |
|
pseudo-tty device node can change after it is allocated. |
|
|
|
* Sudo now only builds Position Independent Executables (PIE) |
|
by default on Linux systems and verifies that a trivial test |
|
program builds and runs. |
|
|
|
* On Solaris 11.1 and higher, sudo binaries will now have the |
|
ASLR tag enabled if supported by the linker. |
|
|
|
What's new in Sudo 1.8.6p8? |
|
|
|
* Terminal detection now works properly on 64-bit AIX kernels. |
|
This was broken by the removal of the ttyname() fallback in Sudo |
|
1.8.6p6. Sudo is now able to map an AIX 64-bit device number |
|
to the corresponding device file in /dev. |
|
|
|
* Sudo now checks for crypt() returning NULL when performing |
|
passwd-based authentication. |
|
|
|
What's new in Sudo 1.8.6p7? |
|
|
|
* A time stamp file with the date set to the epoch by "sudo -k" |
|
is now completely ignored regardless of what the local clock is |
|
set to. Previously, if the local clock was set to a value between |
|
the epoch and the time stamp timeout value, a time stamp reset |
|
by "sudo -k" would be considered current. |
|
|
|
* The tty-specific time stamp file now includes the session ID |
|
of the sudo process that created it. If a process with the same |
|
tty but a different session ID runs sudo, the user will now be |
|
prompted for a password (assuming authentication is required for |
|
the command). |
|
|
|
What's new in Sudo 1.8.6p6? |
|
|
|
* On systems where the controlling tty can be determined via /proc |
|
or sysctl(), sudo will no longer fall back to using ttyname() |
|
if the process has no controlling tty. This prevents sudo from |
|
using a non-controlling tty for logging and time stamp purposes. |
|
|
|
What's new in Sudo 1.8.6p5? |
|
|
|
* Fixed a potential crash in visudo's alias cycle detection. |
|
|
|
* Improved performance on Solaris when retrieving the group list |
|
for the target user. On systems with a large number of groups |
|
where the group database is not local (NIS, LDAP, AD), fetching |
|
the group list could take a minute or more. |
|
|
|
What's new in Sudo 1.8.6p4? |
|
|
|
* The -fstack-protector is now used when linking visudo, sudoreplay |
|
and testsudoers. |
|
|
|
* Avoid building PIE binaries on FreeBSD/ia64 as they don't run |
|
properly. |
|
|
|
* Fixed a crash in visudo strict mode when an unknown Defaults |
|
setting is encountered. |
|
|
|
* Do not inform the user that the command was not permitted by the |
|
policy if they do not successfully authenticate. This is a |
|
regression introduced in sudo 1.8.6. |
|
|
|
* Allow sudo to be build with sss support without also including |
|
ldap support. |
|
|
|
* Fix running commands that need the terminal in the background |
|
when I/O logging is enabled. E.g. "sudo vi &". When the command |
|
is foregrounded, it will now resume properly. |
|
|
|
What's new in Sudo 1.8.6p3? |
|
|
|
* Fixed post-processing of the man pages on systems with legacy |
|
versions of sed. |
|
|
|
* Fixed "sudoreplay -l" on Linux systems with file systems that |
|
set DT_UNKNOWN in the d_type field of struct dirent. |
|
|
|
What's new in Sudo 1.8.6p2? |
|
|
|
* Fixed suspending a command after it has already been resumed |
|
once when I/O logging (or use_pty) is not enabled. |
|
This was a regression introduced in version 1.8.6. |
|
|
|
What's new in Sudo 1.8.6p1? |
|
|
|
* Fixed the setting of LOGNAME, USER and USERNAME variables in the |
|
command's environment when env_reset is enabled (the default). |
|
This was a regression introduced in version 1.8.6. |
|
|
|
* Sudo now honors SUCCESS=return in /etc/nsswitch.conf. |
|
|
|
What's new in Sudo 1.8.6? |
|
|
|
* Sudo is now built with the -fstack-protector flag if the the |
|
compiler supports it. Also, the -zrelro linker flag is used if |
|
supported. The --disable-hardening configure option can be used |
|
to build sudo without stack smashing protection. |
|
|
|
* Sudo is now built as a Position Independent Executable (PIE) |
|
if supported by the compiler and linker. |
|
|
|
* If the user is a member of the "exempt" group in sudoers, they |
|
will no longer be prompted for a password even if the -k flag |
|
is specified with the command. This makes "sudo -k command" |
|
consistent with the behavior one would get if the user ran "sudo |
|
-k" immediately before running the command. |
|
|
|
* The sudoers file may now be a symbolic link. Previously, sudo |
|
would refuse to read sudoers unless it was a regular file. |
|
|
|
* The sudoreplay command can now properly replay sessions where |
|
no tty was present. |
|
|
|
* The sudoers plugin now takes advantage of symbol visibility |
|
controls when supported by the compiler or linker. As a result, |
|
only a small number of symbols are exported which significantly |
|
reduces the chances of a conflict with other shared objects. |
|
|
|
* Improved support for the Tivoli Directory Server LDAP client |
|
libraries. This includes support for using LDAP over SSL (ldaps) |
|
as well as support for the BIND_TIMELIMIT, TLS_KEY and TLS_CIPHERS |
|
ldap.conf options. A new ldap.conf option, TLS_KEYPW can be |
|
used to specify a password to decrypt the key database. |
|
|
|
* When constructing a time filter for use with LDAP sudoNotBefore |
|
and sudoNotAfter attributes, the current time now includes tenths |
|
of a second. This fixes a problem with timed entries on Active |
|
Directory. |
|
|
|
* If a user fails to authenticate and the command would be rejected |
|
by sudoers, it is now logged with "command not allowed" instead |
|
of "N incorrect password attempts". Likewise, the "mail_no_perms" |
|
sudoers option now takes precedence over "mail_badpass". |
|
|
|
* The sudo manuals are now formatted using the mdoc macros. Versions |
|
using the legacy man macros are provided for systems that lack mdoc. |
|
|
|
* New support for Solaris privilege sets. This makes it possible |
|
to specify fine-grained privileges in the sudoers file on Solaris |
|
10 and above. A Runas_Spec that contains no Runas_Lists can be |
|
used to give a user the ability to run a command as themselves |
|
but with an expanded privilege set. |
|
|
|
* Fixed a problem with the reboot and shutdown commands on some |
|
systems (such as HP-UX and BSD). On these systems, reboot sends |
|
all processes (except itself) SIGTERM. When sudo received |
|
SIGTERM, it would relay it to the reboot process, thus killing |
|
reboot before it had a chance to actually reboot the system. |
|
|
|
* Support for using the System Security Services Daemon (SSSD) as |
|
a source of sudoers data. |
|
|
|
* Slovenian translation for sudo and sudoers from translationproject.org. |
|
|
|
* Visudo will now warn about unknown Defaults entries that are |
|
per-host, per-user, per-runas or per-command. |
|
|
|
* Fixed a race condition that could cause sudo to receive SIGTTOU |
|
(and stop) when resuming a shell that was run via sudo when I/O |
|
logging (and use_pty) is not enabled. |
|
|
|
* Sending SIGTSTP directly to the sudo process will now suspend the |
|
running command when I/O logging (and use_pty) is not enabled. |
|
|
|
What's new in Sudo 1.8.5p3? |
|
|
|
* Fixed the loading of I/O plugins that conform to a plugin API |
|
version older than 1.2. |
|
|
|
What's new in Sudo 1.8.5p2? |
|
|
|
* Fixed use of the SUDO_ASKPASS environment variable which was |
|
broken in Sudo 1.8.5. |
|
|
|
* Fixed a problem reading the sudoers file when the file mode is |
|
more restrictive than the expected mode. For example, when the |
|
expected sudoers file mode is 0440 but the actual mode is 0400. |
|
|
|
What's new in Sudo 1.8.5p1? |
|
|
|
* Fixed a bug that prevented files in an include directory from |
|
being evaluated. |
|
|
|
What's new in Sudo 1.8.5? |
|
|
|
* When "noexec" is enabled, sudo_noexec.so will now be prepended |
|
to any existing LD_PRELOAD variable instead of replacing it. |
|
|
|
* The sudo_noexec.so shared library now wraps the execvpe(), |
|
exect(), posix_spawn() and posix_spawnp() functions. |
|
|
|
* The user/group/mode checks on sudoers files have been relaxed. |
|
As long as the file is owned by the sudoers uid, not world-writable |
|
and not writable by a group other than the sudoers gid, the file |
|
is considered OK. Note that visudo will still set the mode to |
|
the value specified at configure time. |
|
|
|
* It is now possible to specify the sudoers path, uid, gid and |
|
file mode as options to the plugin in the sudo.conf file. |
|
|
|
* Croatian, Galician, German, Lithuanian, Swedish and Vietnamese |
|
translations from translationproject.org. |
|
|
|
* /etc/environment is no longer read directly on Linux systems |
|
when PAM is used. Sudo now merges the PAM environment into the |
|
user's environment which is typically set by the pam_env module. |
|
|
|
* The initial evironment created when env_reset is in effect now |
|
includes the contents of /etc/environment on AIX systems and the |
|
"setenv" and "path" entries from /etc/login.conf on BSD systems. |
|
|
|
* The plugin API has been extended in three ways. First, options |
|
specified in sudo.conf after the plugin pathname are passed to |
|
the plugin's open function. Second, sudo has limited support |
|
for hooks that can be used by plugins. Currently, the hooks are |
|
limited to environment handling functions. Third, the init_session |
|
policy plugin function is passed a pointer to the user environment |
|
which can be updated during session setup. The plugin API version |
|
has been incremented to version 1.2. See the sudo_plugin manual |
|
for more information. |
|
|
|
* The policy plugin's init_session function is now called by the |
|
parent sudo process, not the child process that executes the |
|
command. This allows the PAM session to be open and closed in |
|
the same process, which some PAM modules require. |
|
|
|
* Fixed parsing of "Path askpass" and "Path noexec" in sudo.conf, |
|
which was broken in version 1.8.4. |
|
|
|
* On systems with an SVR4-style /proc file system, the /proc/pid/psinfo |
|
file is now uses to determine the controlling terminal, if possible. |
|
This allows tty-based tickets to work properly even when, e.g. |
|
standard input, output and error are redirected to /dev/null. |
|
|
|
* The output of "sudoreplay -l" is now sorted by file name (or |
|
sequence number). Previously, entries were displayed in the |
|
order in which they were found on the file system. |
|
|
|
* Sudo now behaves properly when I/O logging is enabled and the |
|
controlling terminal is revoked (e.g. the running sshd is killed). |
|
Previously, sudo may have exited without calling the I/O plugin's |
|
close function which can lead to an incomplete I/O log. |
|
|
|
* Sudo can now detect when a user has logged out and back in again |
|
on Solaris 11, just like it can on Solaris 10. |
|
|
|
* The built-in zlib included with Sudo has been upgraded to version |
|
1.2.6. |
|
|
|
* Setting the SSL parameter to start_tls in ldap.conf now works |
|
properly when using Mozilla-based SDKs that support the |
|
ldap_start_tls_s() function. |
|
|
|
* The TLS_CHECKPEER parameter in ldap.conf now works when the |
|
Mozilla NSS crypto backend is used with OpenLDAP. |
|
|
|
* A new group provider plugin, system_group, is included which |
|
performs group look ups by name using the system groups database. |
|
This can be used to restore the pre-1.7.3 sudo group lookup |
|
behavior. |
|
|
|
What's new in Sudo 1.8.4p5? |
|
|
|
* Fixed a bug when matching against an IP address with an associated |
|
netmask in the sudoers file. In certain circumstances, this |
|
could allow users to run commands on hosts they are not authorized |
|
for. |
|
|
|
What's new in Sudo 1.8.4p4? |
|
|
|
* Fixed a bug introduced in Sudo 1.8.4 which prevented "sudo -v" |
|
from working. |
|
|
|
What's new in Sudo 1.8.4p3? |
|
|
|
* Fixed a crash on FreeBSD when no tty is present. |
|
|
|
* Fixed a bug introduced in Sudo 1.8.4 that allowed users to |
|
specify environment variables to set on the command line without |
|
having sudo "ALL" permissions or the "SETENV" tag. |
|
|
|
* When visudo is run with the -c (check) option, the sudoers |
|
file(s) owner and mode are now also checked unless the -f option |
|
was specified. |
|
|
|
What's new in Sudo 1.8.4p2? |
|
|
|
* Fixed a bug introduced in Sudo 1.8.4 where insufficient space |
|
was allocated for group IDs in the LDAP filter. |
|
|
|
* Fixed a bug introduced in Sudo 1.8.4 where the path to sudo.conf |
|
was "/sudo.conf" instead of "/etc/sudo.conf". |
|
|
|
* Fixed a bug introduced in Sudo 1.8.4 which could cause a hang |
|
when I/O logging is enabled and input is from a pipe or file. |
|
|
|
What's new in Sudo 1.8.4p1? |
|
|
|
* Fixed a bug introduced in sudo 1.8.4 that broke adding to or |
|
deleting from the env_keep, env_check and env_delete lists in |
|
sudoers on some platforms. |
|
|
|
What's new in Sudo 1.8.4? |
|
|
|
* The -D flag in sudo has been replaced with a more general debugging |
|
framework that is configured in sudo.conf. |
|
|
|
* Fixed a false positive in visudo strict mode when aliases are |
|
in use. |
|
|
|
* Fixed a crash with "sudo -i" when a runas group was specified |
|
without a runas user. |
|
|
|
* The line on which a syntax error is reported in the sudoers file |
|
is now more accurate. Previously it was often off by a line. |
|
|
|
* Fixed a bug where stack garbage could be printed at the end of |
|
the lecture when the "lecture_file" option was enabled. |
|
|
|
* "make install" now honors the LINGUAS environment variable. |
|
|
|
* The #include and #includedir directives in sudoers now support |
|
relative paths. If the path is not fully qualified it is expected |
|
to be located in the same directory of the sudoers file that is |
|
including it. |
|
|
|
* Serbian and Spanish translations for sudo from translationproject.org. |
|
|
|
* LDAP-based sudoers may now access by group ID in addition to |
|
group name. |
|
|
|
* visudo will now fix the mode on the sudoers file even if no changes |
|
are made unless the -f option is specified. |
|
|
|
* The "use_loginclass" sudoers option works properly again. |
|
|
|
* On systems that use login.conf, "sudo -i" now sets environment |
|
variables based on login.conf. |
|
|
|
* For LDAP-based sudoers, values in the search expression are now |
|
escaped as per RFC 4515. |
|
|
|
* The plugin close function is now properly called when a login |
|
session is killed (as opposed to the actual command being killed). |
|
This can happen when an ssh session is disconnected or the |
|
terminal window is closed. |
|
|
|
* The deprecated "noexec_file" sudoers option is no longer supported. |
|
|
|
* Fixed a race condition when I/O logging is not enabled that could |
|
result in tty-generated signals (e.g. control-C) being received |
|
by the command twice. |
|
|
|
* If none of the standard input, output or error are connected to |
|
a tty device, sudo will now check its parent's standard input, |
|
output or error for the tty name on systems with /proc and BSD |
|
systems that support the KERN_PROC_PID sysctl. This allows |
|
tty-based tickets to work properly even when, e.g. standard |
|
input, output and error are redirected to /dev/null. |
|
|
|
* Added the --enable-kerb5-instance configure option to allow |
|
people using Kerberos V authentication to specify a custom |
|
instance so the principal name can be, e.g. "username/sudo" |
|
similar to how ksu uses "username/root". |
|
|
|
* Fixed a bug where a pattern like "/usr/*" included /usr/bin/ in |
|
the results, which would be incorrectly be interpreted as if the |
|
sudoers file had specified a directory. |
|
|
|
* "visudo -c" will now list any include files that were checked |
|
in addition to the main sudoers file when everything parses OK. |
|
|
|
* Users that only have read-only access to the sudoers file may |
|
now run "visudo -c". Previously, write permissions were required |
|
even though no writing is down in check-only mode. |
|
|
|
* It is now possible to prevent the disabling of core dumps from |
|
within sudo itself by adding a line to the sudo.conf file like |
|
"Set disable_coredump false". |
|
|
What's new in Sudo 1.8.3p2? |
What's new in Sudo 1.8.3p2? |
|
|
* Fixed a format string vulnerability when the sudo binary (or a |
* Fixed a format string vulnerability when the sudo binary (or a |
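Review bot: Several of the added NEWS entries in this hunk contain typos that should be corrected: "determing" (1.8.10p3, descriptor leak entry), "runnning" (1.8.9p4), "to be build" (1.8.6p4), "the the" (1.8.6, -fstack-protector entry), "evironment" and "is now uses" (1.8.5), and "would be incorrectly be" and "no writing is down" (1.8.4). The same change already corrects "specifes" to "specifies" in the 1.8.2 entry, so these can be fixed alongside it. Separately, the 1.8.4p5 entry on IP address and netmask matching and the 1.8.4p3 entry on setting environment variables without "ALL" permissions or the "SETENV" tag both describe authorization bypasses but carry no bug or advisory reference, whereas every 1.8.10p3 entry cites a Bug number. Adding a reference to each would let administrators tell which upgrades are security-relevant.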
Line 8 What's new in Sudo 1.8.3p1?
|
Line 732 What's new in Sudo 1.8.3p1?
|
|
|
* Fixed a crash in the monitor process on Solaris when NOPASSWD |
* Fixed a crash in the monitor process on Solaris when NOPASSWD |
was specified or when authentication was disabled. |
was specified or when authentication was disabled. |
| |
* Fixed matching of a Runas_Alias in the group section of a |
* Fixed matching of a Runas_Alias in the group section of a |
Runas_Spec. |
Runas_Spec. |
|
|
Line 80 What's new in Sudo 1.8.2?
|
Line 804 What's new in Sudo 1.8.2?
|
* Visudo now checks the contents of an alias and warns about cycles |
* Visudo now checks the contents of an alias and warns about cycles |
when the alias is expanded. |
when the alias is expanded. |
|
|
* If the user specifes a group via sudo's -g option that matches | * If the user specifies a group via sudo's -g option that matches |
the target user's group in the password database, it is now |
the target user's group in the password database, it is now |
allowed even if no groups are present in the Runas_Spec. |
allowed even if no groups are present in the Runas_Spec. |
|
|