version 1.1.1.4, 2013/07/22 10:46:10
|
version 1.1.1.5, 2013/10/14 07:56:33
|
Line 1
|
Line 1
|
|
What's new in Sudo 1.8.8? |
|
|
|
* Removed a warning on PAM systems with stacked auth modules |
|
where the first module on the stack does not succeed. |
|
|
|
* Sudo, sudoreplay and visudo now support GNU-style long options. |
|
|
|
* The -h (--host) option may now be used to specify a host name. |
|
This is currently only used by the sudoers plugin in conjunction |
|
with the -l (--list) option. |
|
|
|
* Program usage messages and manual SYNOPSIS sections have been |
|
simplified. |
|
|
|
* Sudo's LDAP SASL support now works properly with Kerberos. |
|
Previously, the SASL library was unable to locate the user's |
|
credential cache. |
|
|
|
* It is now possible to set the nproc resource limit to unlimited |
|
via pam_limits on Linux (bug #565). |
|
|
|
* New "pam_service" and "pam_login_service" sudoers options |
|
that can be used to specify the PAM service name to use. |
|
|
|
* New "pam_session" and "pam_setcred" sudoers options that |
|
can be used to disable PAM session and credential support. |
|
|
|
* The sudoers plugin now properly supports UIDs and GIDs |
|
that are larger than 0x7fffffff on 32-bit platforms. |
|
|
|
* Fixed a visudo bug introduced in sudo 1.8.7 where per-group |
|
Defaults entries would cause an internal error. |
|
|
|
* If the "tty_tickets" sudoers option is enabled (the default), |
|
but there is no tty present, sudo will now use a ticket file |
|
based on the parent process ID. This makes it possible to support |
|
the normal timeout behavior for the session. |
|
|
|
* Fixed a problem running commands that change their process |
|
group and then attempt to change the terminal settings when not |
|
running the command in a pseudo-terminal. Previously, the process |
|
would receive SIGTTOU since it was effectively a background |
|
process. Sudo will now grant the child the controlling tty and |
|
continue it when this happens. |
|
|
|
* The "closefrom_override" sudoers option may now be used in |
|
a command-specified Defaults entry (bug #610). |
|
|
|
* Sudo's BSM audit support now works on Solaris 11. |
|
|
|
* Brazilian Portuguese translation for sudo and sudoers from |
|
translationproject.org. |
|
|
|
* Czech translation for sudo from translationproject.org. |
|
|
|
* French translation for sudo from translationproject.org. |
|
|
|
* Sudo's noexec support on Mac OS X 10.4 and above now uses dynamic |
|
symbol interposition instead of setting DYLD_FORCE_FLAT_NAMESPACE=1 |
|
which causes issues with some programs. |
|
|
|
* Fixed visudo's -q (--quiet) flag, broken in sudo 1.8.6. |
|
|
|
* Root may no longer change its SELinux role without entering |
|
a password. |
|
|
|
* Fixed a bug introduced in Sudo 1.8.7 where the indexes written |
|
to the I/O log timing file are two greater than they should be. |
|
Sudoreplay now contains a work-around to parse those files. |
|
|
|
* In sudoreplay's list mode, the "this" qualifier in "fromdate" |
|
or "todate" expressions now behaves more sensibly. Previously, |
|
it would often match a date that was "one more" than expected. |
|
For example, "this week" now matches the current week instead |
|
of the following week. |
|
|
What's new in Sudo 1.8.7? |
What's new in Sudo 1.8.7? |
|
|
* The non-Unix group plugin is now supported when sudoers data |
* The non-Unix group plugin is now supported when sudoers data |
Line 18 What's new in Sudo 1.8.7?
|
Line 94 What's new in Sudo 1.8.7?
|
run the command without read access to the terminal when running |
run the command without read access to the terminal when running |
a command in a pseudo-tty. If the command tries to read from |
a command in a pseudo-tty. If the command tries to read from |
the terminal it will be stopped by the kernel (via SIGTTIN or |
the terminal it will be stopped by the kernel (via SIGTTIN or |
SIGTTOU) and sudo will immediately restart it as the forground | SIGTTOU) and sudo will immediately restart it as the foreground |
process (if possible). This allows sudo to only pass terminal |
process (if possible). This allows sudo to only pass terminal |
input to the program if the program actually is expecting it. |
input to the program if the program actually is expecting it. |
Unfortunately, a few poorly-behaved programs (like "su" on most |
Unfortunately, a few poorly-behaved programs (like "su" on most |
Line 37 What's new in Sudo 1.8.7?
|
Line 113 What's new in Sudo 1.8.7?
|
determined. Legal values are "static" (use the kernel groups |
determined. Legal values are "static" (use the kernel groups |
list), "dynamic" (perform a group database query) and "adaptive" |
list), "dynamic" (perform a group database query) and "adaptive" |
(only perform a group database query if the kernel list is full). |
(only perform a group database query if the kernel list is full). |
The "max_groups" specifies the maximum number of groups a user may | The "max_groups" setting specifies the maximum number of groups |
belong to when performing a group database query. | a user may belong to when performing a group database query. |
|
|
* The sudo.conf file now supports line continuation by using a |
* The sudo.conf file now supports line continuation by using a |
backslash as the last character on the line. |
backslash as the last character on the line. |
|
|
* There is now a standalone sudo.conf manual page. |
* There is now a standalone sudo.conf manual page. |
|
|
* Sudo now stores its libexec files in a "sudo" subdirectory instead | * Sudo now stores its libexec files in a "sudo" sub-directory instead |
of in libexec itself. For backwards compatibility, if the plugin |
of in libexec itself. For backwards compatibility, if the plugin |
is not found in the default plugin directory, sudo will check |
is not found in the default plugin directory, sudo will check |
the parent directory if the default directory ends in "/sudo". |
the parent directory if the default directory ends in "/sudo". |