version 1.1.1.2, 2012/05/29 12:26:48
|
version 1.1.1.3, 2012/10/09 09:29:52
|
Line 1
|
Line 1
|
|
What's new in Sudo 1.8.6p3? |
|
|
|
* Fixed post-processing of the man pages on systems with legacy |
|
versions of sed. |
|
|
|
* Fixed "sudoreplay -l" on Linux systems with file systems that |
|
set DT_UNKNOWN in the d_type field of struct dirent. |
|
|
|
What's new in Sudo 1.8.6p2? |
|
|
|
* Fixed suspending a command after it has already been resumed |
|
once when I/O logging (or use_pty) is not enabled. |
|
This was a regression introduced in version 1.8.6. |
|
|
|
What's new in Sudo 1.8.6p1? |
|
|
|
* Fixed the setting of LOGNAME, USER and USERNAME variables in the |
|
command's environment when env_reset is enabled (the default). |
|
This was a regression introduced in version 1.8.6. |
|
|
|
* Sudo now honors SUCCESS=return in /etc/nsswitch.conf. |
|
|
|
What's new in Sudo 1.8.6? |
|
|
|
* Sudo is now built with the -fstack-protector flag if the the |
|
compiler supports it. Also, the -zrelro linker flag is used if |
|
supported. The --disable-hardening configure option can be used |
|
to build sudo without stack smashing protection. |
|
|
|
* Sudo is now built as a Position Independent Executable (PIE) |
|
if supported by the compiler and linker. |
|
|
|
* If the user is a member of the "exempt" group in sudoers, they |
|
will no longer be prompted for a password even if the -k flag |
|
is specified with the command. This makes "sudo -k command" |
|
consistent with the behavior one would get if the user ran "sudo |
|
-k" immediately before running the command. |
|
|
|
* The sudoers file may now be a symbolic link. Previously, sudo |
|
would refuse to read sudoers unless it was a regular file. |
|
|
|
* The sudoreplay command can now properly replay sessions where |
|
no tty was present. |
|
|
|
* The sudoers plugin now takes advantage of symbol visibility |
|
controls when supported by the compiler or linker. As a result, |
|
only a small number of symbols are exported which significantly |
|
reduces the chances of a conflict with other shared objects. |
|
|
|
* Improved support for the Tivoli Directory Server LDAP client |
|
libraries. This includes support for using LDAP over SSL (ldaps) |
|
as well as support for the BIND_TIMELIMIT, TLS_KEY and TLS_CIPHERS |
|
ldap.conf options. A new ldap.conf option, TLS_KEYPW can be |
|
used to specify a password to decrypt the key database. |
|
|
|
* When constructing a time filter for use with LDAP sudoNotBefore |
|
and sudoNotAfter attributes, the current time now includes tenths |
|
of a second. This fixes a problem with timed entries on Active |
|
Directory. |
|
|
|
* If a user fails to authenticate and the command would be rejected |
|
by sudoers, it is now logged with "command not allowed" instead |
|
of "N incorrect password attempts". Likewise, the "mail_no_perms" |
|
sudoers option now takes precedence over "mail_badpass". |
|
|
|
* The sudo manuals are now formatted using the mdoc macros. Versions |
|
using the legacy man macros are provided for systems that lack mdoc. |
|
|
|
* New support for Solaris privilege sets. This makes it possible |
|
to specify fine-grained privileges in the sudoers file on Solaris |
|
10 and above. A Runas_Spec that contains no Runas_Lists can be |
|
used to give a user the ability to run a command as themselves |
|
but with an expanded privilege set. |
|
|
|
* Fixed a problem with the reboot and shutdown commands on some |
|
systems (such as HP-UX and BSD). On these systems, reboot sends |
|
all processes (except itself) SIGTERM. When sudo received |
|
SIGTERM, it would relay it to the reboot process, thus killing |
|
reboot before it had a chance to actually reboot the system. |
|
|
|
* Support for using the System Security Services Daemon (SSSD) as |
|
a source of sudoers data. |
|
|
|
* Slovenian translation for sudo and sudoers from translationproject.org. |
|
|
|
* Visudo will now warn about unknown Defaults entries that are |
|
per-host, per-user, per-runas or per-command. |
|
|
|
* Fixed a race condition that could cause sudo to receive SIGTTOU |
|
(and stop) when resuming a shell that was run via sudo when I/O |
|
logging (and use_pty) is not enabled. |
|
|
|
* Sending SIGTSTP directly to the sudo process will now suspend the |
|
running command when I/O logging (and use_pty) is not enabled. |
|
|
|
What's new in Sudo 1.8.5p3? |
|
|
|
* Fixed the loading of I/O plugins that conform to a plugin API |
|
version older than 1.2. |
|
|
|
What's new in Sudo 1.8.5p2? |
|
|
|
* Fixed use of the SUDO_ASKPASS environment variable which was |
|
broken in Sudo 1.8.5. |
|
|
|
* Fixed a problem reading the sudoers file when the file mode is |
|
more restrictive than the expected mode. For example, when the |
|
expected sudoers file mode is 0440 but the actual mode is 0400. |
|
|
What's new in Sudo 1.8.5p1? |
What's new in Sudo 1.8.5p1? |
|
|
* Fixed a bug that prevented files in an include directory from |
* Fixed a bug that prevented files in an include directory from |