Annotation of embedaddon/sudo/NEWS, revision 1.1.1.3
What's new in Sudo 1.8.6p3?

 * Fixed post-processing of the man pages on systems with legacy
   versions of sed.

 * Fixed "sudoreplay -l" on Linux systems with file systems that
   set DT_UNKNOWN in the d_type field of struct dirent.

What's new in Sudo 1.8.6p2?

 * Fixed suspending a command after it has already been resumed
   once when I/O logging (or use_pty) is not enabled.
   This was a regression introduced in version 1.8.6.

What's new in Sudo 1.8.6p1?

 * Fixed the setting of LOGNAME, USER and USERNAME variables in the
   command's environment when env_reset is enabled (the default).
   This was a regression introduced in version 1.8.6.

 * Sudo now honors SUCCESS=return in /etc/nsswitch.conf.

What's new in Sudo 1.8.6?

 * Sudo is now built with the -fstack-protector flag if the
   compiler supports it. Also, the -zrelro linker flag is used if
   supported. The --disable-hardening configure option can be used
   to build sudo without stack smashing protection.

 * Sudo is now built as a Position Independent Executable (PIE)
   if supported by the compiler and linker.

 * If the user is a member of the "exempt" group in sudoers, they
   will no longer be prompted for a password even if the -k flag
   is specified with the command. This makes "sudo -k command"
   consistent with the behavior one would get if the user ran "sudo
   -k" immediately before running the command.

 * The sudoers file may now be a symbolic link. Previously, sudo
   would refuse to read sudoers unless it was a regular file.

 * The sudoreplay command can now properly replay sessions where
   no tty was present.

 * The sudoers plugin now takes advantage of symbol visibility
   controls when supported by the compiler or linker. As a result,
   only a small number of symbols are exported, which significantly
   reduces the chances of a conflict with other shared objects.

 * Improved support for the Tivoli Directory Server LDAP client
   libraries. This includes support for using LDAP over SSL (ldaps)
   as well as support for the BIND_TIMELIMIT, TLS_KEY and TLS_CIPHERS
   ldap.conf options. A new ldap.conf option, TLS_KEYPW, can be
   used to specify a password to decrypt the key database.

 * When constructing a time filter for use with LDAP sudoNotBefore
   and sudoNotAfter attributes, the current time now includes tenths
   of a second. This fixes a problem with timed entries on Active
   Directory.

 * If a user fails to authenticate and the command would be rejected
   by sudoers, it is now logged with "command not allowed" instead
   of "N incorrect password attempts". Likewise, the "mail_no_perms"
   sudoers option now takes precedence over "mail_badpass".

 * The sudo manuals are now formatted using the mdoc macros. Versions
   using the legacy man macros are provided for systems that lack mdoc.

 * New support for Solaris privilege sets. This makes it possible
   to specify fine-grained privileges in the sudoers file on Solaris
   10 and above. A Runas_Spec that contains no Runas_Lists can be
   used to give a user the ability to run a command as themselves
   but with an expanded privilege set.

 * Fixed a problem with the reboot and shutdown commands on some
   systems (such as HP-UX and BSD). On these systems, reboot sends
   all processes (except itself) SIGTERM. When sudo received
   SIGTERM, it would relay it to the reboot process, thus killing
   reboot before it had a chance to actually reboot the system.

 * Support for using the System Security Services Daemon (SSSD) as
   a source of sudoers data.

 * Slovenian translation for sudo and sudoers from translationproject.org.

 * Visudo will now warn about unknown Defaults entries that are
   per-host, per-user, per-runas or per-command.

 * Fixed a race condition that could cause sudo to receive SIGTTOU
   (and stop) when resuming a shell that was run via sudo when I/O
   logging (and use_pty) is not enabled.

 * Sending SIGTSTP directly to the sudo process will now suspend the
   running command when I/O logging (and use_pty) is not enabled.

What's new in Sudo 1.8.5p3?

 * Fixed the loading of I/O plugins that conform to a plugin API
   version older than 1.2.

What's new in Sudo 1.8.5p2?

 * Fixed use of the SUDO_ASKPASS environment variable which was
   broken in Sudo 1.8.5.

 * Fixed a problem reading the sudoers file when the file mode is
   more restrictive than the expected mode. For example, when the
   expected sudoers file mode is 0440 but the actual mode is 0400.

What's new in Sudo 1.8.5p1?

 * Fixed a bug that prevented files in an include directory from
   being evaluated.

What's new in Sudo 1.8.5?

 * When "noexec" is enabled, sudo_noexec.so will now be prepended
   to any existing LD_PRELOAD variable instead of replacing it.

 * The sudo_noexec.so shared library now wraps the execvpe(),
   exect(), posix_spawn() and posix_spawnp() functions.

 * The user/group/mode checks on sudoers files have been relaxed.
   As long as the file is owned by the sudoers uid, not world-writable
   and not writable by a group other than the sudoers gid, the file
   is considered OK. Note that visudo will still set the mode to
   the value specified at configure time.

 * It is now possible to specify the sudoers path, uid, gid and
   file mode as options to the plugin in the sudo.conf file.

 * Croatian, Galician, German, Lithuanian, Swedish and Vietnamese
   translations from translationproject.org.

 * /etc/environment is no longer read directly on Linux systems
   when PAM is used. Sudo now merges the PAM environment into the
   user's environment, which is typically set by the pam_env module.

 * The initial environment created when env_reset is in effect now
   includes the contents of /etc/environment on AIX systems and the
   "setenv" and "path" entries from /etc/login.conf on BSD systems.

 * The plugin API has been extended in three ways. First, options
   specified in sudo.conf after the plugin pathname are passed to
   the plugin's open function. Second, sudo has limited support
   for hooks that can be used by plugins. Currently, the hooks are
   limited to environment handling functions. Third, the init_session
   policy plugin function is passed a pointer to the user environment
   which can be updated during session setup. The plugin API version
   has been incremented to version 1.2. See the sudo_plugin manual
   for more information.

 * The policy plugin's init_session function is now called by the
   parent sudo process, not the child process that executes the
   command. This allows the PAM session to be opened and closed in
   the same process, which some PAM modules require.

 * Fixed parsing of "Path askpass" and "Path noexec" in sudo.conf,
   which was broken in version 1.8.4.

 * On systems with an SVR4-style /proc file system, the /proc/pid/psinfo
   file is now used to determine the controlling terminal, if possible.
   This allows tty-based tickets to work properly even when, e.g.
   standard input, output and error are redirected to /dev/null.

 * The output of "sudoreplay -l" is now sorted by file name (or
   sequence number). Previously, entries were displayed in the
   order in which they were found on the file system.

 * Sudo now behaves properly when I/O logging is enabled and the
   controlling terminal is revoked (e.g. the running sshd is killed).
   Previously, sudo may have exited without calling the I/O plugin's
   close function, which can lead to an incomplete I/O log.

 * Sudo can now detect when a user has logged out and back in again
   on Solaris 11, just like it can on Solaris 10.

 * The built-in zlib included with Sudo has been upgraded to version
   1.2.6.

 * Setting the SSL parameter to start_tls in ldap.conf now works
   properly when using Mozilla-based SDKs that support the
   ldap_start_tls_s() function.

 * The TLS_CHECKPEER parameter in ldap.conf now works when the
   Mozilla NSS crypto backend is used with OpenLDAP.

 * A new group provider plugin, system_group, is included which
   performs group lookups by name using the system groups database.
   This can be used to restore the pre-1.7.3 sudo group lookup
   behavior.

What's new in Sudo 1.8.4p5?

 * Fixed a bug when matching against an IP address with an associated
   netmask in the sudoers file. In certain circumstances, this
   could allow users to run commands on hosts they are not authorized
   for.

What's new in Sudo 1.8.4p4?

 * Fixed a bug introduced in Sudo 1.8.4 which prevented "sudo -v"
   from working.

What's new in Sudo 1.8.4p3?

 * Fixed a crash on FreeBSD when no tty is present.

 * Fixed a bug introduced in Sudo 1.8.4 that allowed users to
   specify environment variables to set on the command line without
   having sudo "ALL" permissions or the "SETENV" tag.

 * When visudo is run with the -c (check) option, the sudoers
   file(s) owner and mode are now also checked unless the -f option
   was specified.

What's new in Sudo 1.8.4p2?

 * Fixed a bug introduced in Sudo 1.8.4 where insufficient space
   was allocated for group IDs in the LDAP filter.

 * Fixed a bug introduced in Sudo 1.8.4 where the path to sudo.conf
   was "/sudo.conf" instead of "/etc/sudo.conf".

 * Fixed a bug introduced in Sudo 1.8.4 which could cause a hang
   when I/O logging is enabled and input is from a pipe or file.

What's new in Sudo 1.8.4p1?

 * Fixed a bug introduced in sudo 1.8.4 that broke adding to or
   deleting from the env_keep, env_check and env_delete lists in
   sudoers on some platforms.

What's new in Sudo 1.8.4?

 * The -D flag in sudo has been replaced with a more general debugging
   framework that is configured in sudo.conf.

 * Fixed a false positive in visudo strict mode when aliases are
   in use.

 * Fixed a crash with "sudo -i" when a runas group was specified
   without a runas user.

 * The line on which a syntax error is reported in the sudoers file
   is now more accurate. Previously it was often off by a line.

 * Fixed a bug where stack garbage could be printed at the end of
   the lecture when the "lecture_file" option was enabled.

 * "make install" now honors the LINGUAS environment variable.

 * The #include and #includedir directives in sudoers now support
   relative paths. If the path is not fully qualified it is expected
   to be located in the same directory as the sudoers file that is
   including it.

 * Serbian and Spanish translations for sudo from translationproject.org.

 * LDAP-based sudoers may now access by group ID in addition to
   group name.

 * visudo will now fix the mode on the sudoers file even if no changes
   are made unless the -f option is specified.

 * The "use_loginclass" sudoers option works properly again.

 * On systems that use login.conf, "sudo -i" now sets environment
   variables based on login.conf.

 * For LDAP-based sudoers, values in the search expression are now
   escaped as per RFC 4515.
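
RFC 4515 section 3 requires that the characters `*`, `(`, `)`, `\` and NUL inside a filter assertion value be written as a backslash followed by two hex digits; otherwise a user name or host name taken from an untrusted source can change the structure of the query rather than being matched literally. The block below is an added example written for this page, not sudo's own code: ldap_filter_escape() performs the escaping, and build_sudouser_filter() uses it in an illustrative filter whose shape is an assumption of this example rather than sudo's exact query. The inputs in main() are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Example code for this page, not sudo's own implementation.
 * Escape a value for use inside an LDAP search filter, as RFC 4515
 * section 3 requires: '*', '(', ')' and '\' become a backslash followed
 * by the two hex digits of the byte. (A NUL byte would become "\00" but
 * cannot occur inside a C string, so it is not handled here.)
 * Returns a malloc(3)ed string the caller frees, or NULL on failure. */
char *ldap_filter_escape(const char *in)
{
    size_t len = 0;
    const char *p;
    char *out, *q;

    for (p = in; *p != '\0'; p++)
        len += (*p == '*' || *p == '(' || *p == ')' || *p == '\\') ? 3 : 1;

    out = malloc(len + 1);
    if (out == NULL)
        return NULL;

    for (p = in, q = out; *p != '\0'; p++) {
        switch (*p) {
        case '*':  memcpy(q, "\\2a", 3); q += 3; break;
        case '(':  memcpy(q, "\\28", 3); q += 3; break;
        case ')':  memcpy(q, "\\29", 3); q += 3; break;
        case '\\': memcpy(q, "\\5c", 3); q += 3; break;
        default:   *q++ = *p; break;
        }
    }
    *q = '\0';
    return out;
}

/* Illustrative filter shape, an assumption of this example rather than
 * sudo's exact query: find sudoRole entries whose sudoUser names this
 * user or ALL. The name is escaped first, so metacharacters in it are
 * matched literally instead of altering the structure of the filter. */
#define SUDOUSER_FMT "(|(sudoUser=%s)(sudoUser=ALL))"
char *build_sudouser_filter(const char *user)
{
    char *esc = ldap_filter_escape(user);
    if (esc == NULL)
        return NULL;
    size_t n = sizeof(SUDOUSER_FMT) + strlen(esc);  /* "%s" leaves two bytes of slack */
    char *filter = malloc(n);
    if (filter != NULL)
        snprintf(filter, n, SUDOUSER_FMT, esc);
    free(esc);
    return filter;
}

/* Comparison helpers for main() and tests: 1 when the result equals `want`. */
int escapes_to(const char *in, const char *want)
{
    char *e = ldap_filter_escape(in);
    int ok = e != NULL && strcmp(e, want) == 0;
    free(e);
    return ok;
}

int filter_for_is(const char *user, const char *want)
{
    char *f = build_sudouser_filter(user);
    int ok = f != NULL && strcmp(f, want) == 0;
    free(f);
    return ok;
}

int main(void)
{
    /* Constructed inputs: an ordinary name and one containing filter metacharacters. */
    const char *names[] = { "alice", "*)(sudoUser=ALL" };
    for (int i = 0; i < 2; i++) {
        char *f = build_sudouser_filter(names[i]);
        printf("%-18s -> %s\n", names[i], f ? f : "(allocation failed)");
        free(f);
    }
    return 0;
}
```

Escaping at the point where the value enters the filter string, rather than trying to validate names up front, is what makes the later 1.8.1p1 note about stray parentheses in a sudoers_search_filter a separate concern: that filter fragment is administrator-supplied configuration, while the values escaped here come from the request being authorized.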

 * The plugin close function is now properly called when a login
   session is killed (as opposed to the actual command being killed).
   This can happen when an ssh session is disconnected or the
   terminal window is closed.

 * The deprecated "noexec_file" sudoers option is no longer supported.

 * Fixed a race condition when I/O logging is not enabled that could
   result in tty-generated signals (e.g. control-C) being received
   by the command twice.

 * If none of the standard input, output or error are connected to
   a tty device, sudo will now check its parent's standard input,
   output or error for the tty name on systems with /proc and BSD
   systems that support the KERN_PROC_PID sysctl. This allows
   tty-based tickets to work properly even when, e.g. standard
   input, output and error are redirected to /dev/null.

 * Added the --enable-kerb5-instance configure option to allow
   people using Kerberos V authentication to specify a custom
   instance so the principal name can be, e.g. "username/sudo"
   similar to how ksu uses "username/root".

 * Fixed a bug where a pattern like "/usr/*" included /usr/bin/ in
   the results, which would incorrectly be interpreted as if the
   sudoers file had specified a directory.

 * "visudo -c" will now list any include files that were checked
   in addition to the main sudoers file when everything parses OK.

 * Users that only have read-only access to the sudoers file may
   now run "visudo -c". Previously, write permissions were required
   even though no writing is done in check-only mode.

 * It is now possible to prevent the disabling of core dumps from
   within sudo itself by adding a line to the sudo.conf file like
   "Set disable_coredump false".

What's new in Sudo 1.8.3p2?

 * Fixed a format string vulnerability when the sudo binary (or a
   symbolic link to the sudo binary) contains printf format escapes
   and the -D (debugging) flag is used.

What's new in Sudo 1.8.3p1?

 * Fixed a crash in the monitor process on Solaris when NOPASSWD
   was specified or when authentication was disabled.

 * Fixed matching of a Runas_Alias in the group section of a
   Runas_Spec.

What's new in Sudo 1.8.3?

 * Fixed expansion of strftime() escape sequences in the "log_dir"
   sudoers setting.

 * Esperanto, Italian and Japanese translations from translationproject.org.

 * Sudo will now use PAM by default on AIX 6 and higher.

 * Added --enable-werror configure option for gcc's -Werror flag.

 * Visudo no longer assumes all editors support the +linenumber
   command line argument. It now uses a whitelist of editors known
   to support the option.

 * Fixed matching of network addresses when a netmask is specified
   but the address is not the first one in the CIDR block.

 * The configure script now checks whether or not errno.h declares
   the errno variable. Previously, sudo would always declare errno
   itself for older systems that don't declare it in errno.h.

 * The NOPASSWD tag is now honored for denied commands too, which
   matches historic sudo behavior (prior to sudo 1.7.0).

 * Sudo now honors the "DEREF" setting in ldap.conf which controls
   how alias dereferencing is done during an LDAP search.

 * A symbol conflict with the pam_ssh_agent_auth PAM module that
   would cause a crash has been resolved.

 * The inability to load a group provider plugin is no longer
   a fatal error.

 * A potential crash in the utmp handling code has been fixed.

 * Two PAM session issues have been resolved. In previous versions
   of sudo, the PAM session was opened as one user and closed as
   another. Additionally, if no authentication was performed, the
   PAM session would never be closed.

 * Sudo will now work correctly with LDAP-based sudoers using TLS
   or SSL on Debian systems.

 * The LOGNAME, USER and USERNAME environment variables are preserved
   correctly again in sudoedit mode.

What's new in Sudo 1.8.2?

 * Sudo, visudo, sudoreplay and the sudoers plug-in now have natural
   language support (NLS). This can be disabled by passing configure
   the --disable-nls option. Sudo will use gettext(), if available,
   to display translated messages. All translations are coordinated
   via The Translation Project, http://translationproject.org/.

 * Plug-ins are now loaded with the RTLD_GLOBAL flag instead of
   RTLD_LOCAL. This fixes missing symbol problems in PAM modules
   on certain platforms, such as FreeBSD and SuSE Linux Enterprise.

 * I/O logging is now supported for commands run in background mode
   (using sudo's -b flag).

 * Group ownership of the sudoers file is now only enforced when
   the file mode on sudoers allows group readability or writability.

 * Visudo now checks the contents of an alias and warns about cycles
   when the alias is expanded.

 * If the user specifies a group via sudo's -g option that matches
   the target user's group in the password database, it is now
   allowed even if no groups are present in the Runas_Spec.

 * The sudo Makefiles now have more complete dependencies which are
   automatically generated instead of being maintained manually.

 * The "use_pty" sudoers option is now correctly passed back to the
   sudo front end. This was missing in previous versions of sudo
   1.8 which prevented "use_pty" from being honored.

 * "sudo -i command" now works correctly with bash version
   2.0 and higher. Previously, the .bash_profile would not be
   sourced prior to running the command unless bash was built with
   NON_INTERACTIVE_LOGIN_SHELLS defined.

 * When matching groups in the sudoers file, sudo will now match
   based on the name of the group instead of the group ID. This can
   substantially reduce the number of group lookups for sudoers
   files that contain a large number of groups.

 * Multi-factor authentication is now supported on AIX.

 * Added support for non-RFC 4517 compliant LDAP servers that require
   that seconds be present in a timestamp, such as Tivoli Directory Server.

 * If the group vector is to be preserved, the PATH search for the
   command is now done with the user's original group vector.

 * For LDAP-based sudoers, the "runas_default" sudoOption now works
   properly in a sudoRole that contains a sudoCommand.

 * Spaces in command line arguments for "sudo -s" and "sudo -i" are
   now escaped with a backslash when checking the security policy.

What's new in Sudo 1.8.1p2?

 * Two-character CIDR-style IPv4 netmasks are now matched correctly
   in the sudoers file.
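
Three entries in this file (1.8.4p5, 1.8.3 and the 1.8.1p2 item above) fix the same comparison: a host entry in sudoers written as an address plus netmask. Getting it right means deriving the mask from a prefix length of any width or from a dotted-quad mask, and masking both the sudoers address and the host address before comparing, so that an entry whose address is not the first in its block still matches exactly that block and nothing else. The block below is an added example written for this page, not sudo's matcher; the spec syntax it accepts ("a.b.c.d", "a.b.c.d/NN", "a.b.c.d/m.m.m.m") and all inputs in main() are constructed for the illustration.

```c
#include <arpa/inet.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Example code for this page, not sudo's implementation. */

/* Parse a dotted-quad IPv4 address into host byte order. */
static bool parse_ipv4(const char *s, uint32_t *out)
{
    struct in_addr a;
    if (inet_pton(AF_INET, s, &a) != 1)
        return false;
    *out = ntohl(a.s_addr);
    return true;
}

/* Build a host-order mask from a prefix length 0..32; a one- or two-digit
 * prefix is handled identically, which is the point of the 1.8.1p2 fix. */
static bool prefix_to_mask(long bits, uint32_t *mask)
{
    if (bits < 0 || bits > 32)
        return false;
    *mask = bits == 0 ? 0 : (uint32_t)(0xffffffffu << (32 - bits));  /* avoid a 32-bit shift */
    return true;
}

/* Does `addr` fall within `spec`? spec is "a.b.c.d" (exact match),
 * "a.b.c.d/NN" (prefix length) or "a.b.c.d/m.m.m.m" (dotted mask).
 * Both sides are masked before comparing, so a spec whose address is not
 * the first in its block (e.g. 192.168.1.5/24) still matches the whole
 * block and nothing outside it. Malformed input never matches. */
bool ipv4_matches(const char *spec, const char *addr)
{
    char buf[64];
    uint32_t net, host, mask = 0xffffffffu;
    char *slash, *end;

    if (strlen(spec) >= sizeof(buf))
        return false;
    strcpy(buf, spec);
    slash = strchr(buf, '/');
    if (slash != NULL) {
        *slash++ = '\0';
        if (strchr(slash, '.') != NULL) {
            if (!parse_ipv4(slash, &mask))            /* dotted-quad mask */
                return false;
        } else {
            long bits = strtol(slash, &end, 10);      /* prefix length */
            if (*slash == '\0' || *end != '\0' || !prefix_to_mask(bits, &mask))
                return false;
        }
    }
    if (!parse_ipv4(buf, &net) || !parse_ipv4(addr, &host))
        return false;
    return (net & mask) == (host & mask);
}

int main(void)
{
    /* Constructed specs and hosts for the demonstration. */
    const char *specs[] = { "192.168.1.0/24", "192.168.1.5/24", "10.0.0.0/255.0.0.0" };
    const char *hosts[] = { "192.168.1.77", "192.168.2.1", "10.200.3.4" };
    for (size_t i = 0; i < 3; i++)
        for (size_t j = 0; j < 3; j++)
            printf("%-20s %-14s %s\n", specs[i], hosts[j],
                   ipv4_matches(specs[i], hosts[j]) ? "match" : "no match");
    return 0;
}
```

The failure mode behind the 1.8.4p5 note is visible in the last line of ipv4_matches(): comparing the unmasked spec address against the masked host address, or masking only one side, is what lets an entry match hosts outside its block.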

 * A build error with MIT Kerberos V has been resolved.

 * A crash on HP-UX in the sudoers plugin when wildcards are
   present in the sudoers file has been resolved.

 * Sudo now works correctly on Tru64 Unix again.

What's new in Sudo 1.8.1p1?

 * Fixed a problem on AIX where sudo was unable to set the final
   uid if the PAM module modified the effective uid.

 * A non-existent includedir is now treated the same as an empty
   directory and not reported as an error.

 * Removed extraneous parens in LDAP filter when sudoers_search_filter
   is enabled that can cause an LDAP search error.

 * Fixed a "make -j" problem for "make install".

What's new in Sudo 1.8.1?

 * A new LDAP setting, sudoers_search_filter, has been added to
   ldap.conf. This setting can be used to restrict the set of
   records returned by the LDAP query. Based on changes from Matthew
   Thomas.

 * White space is now permitted within a User_List when used in
   conjunction with a per-user Defaults definition.

 * A group ID (%#gid) may now be specified in a User_List or Runas_List.
   Likewise, for non-Unix groups the syntax is %:#gid.

 * Support for double-quoted words in the sudoers file has been fixed.
   The change in 1.7.5 for escaping the double quote character
   caused the double quoting to only be available at the beginning
   of an entry.

 * The fix for resuming a suspended shell in 1.7.5 caused problems
   with resuming non-shells on Linux. Sudo will now save the process
   group ID of the program it is running on suspend and restore it
   when resuming, which fixes both problems.

 * A bug that could result in corrupted output in "sudo -l" has been
   fixed.

 * Sudo will now create an entry in the utmp (or utmpx) file when
   allocating a pseudo-tty (e.g. when logging I/O). The "set_utmp"
   and "utmp_runas" sudoers file options can be used to control this.
   Other policy plugins may use the "set_utmp" and "utmp_user"
   entries in the command_info list.

 * The sudoers policy now stores the TSID field in the logs
   even when the "iolog_file" sudoers option is defined to a value
   other than %{sessid}. Previously, the TSID field was only
   included in the log file when the "iolog_file" option was set
   to its default value.

 * The sudoreplay utility now supports arbitrary session IDs.
   Previously, it would only work with the base-36 session IDs
   that the sudoers plugin uses by default.

 * Sudo now passes "run_shell=true" to the policy plugin in the
   settings list when sudo's -s command line option is specified.
   The sudoers policy plugin uses this to implement the "set_home"
   sudoers option which was missing from sudo 1.8.0.

 * The "noexec" functionality has been moved out of the sudoers
   policy plugin and into the sudo front-end, which matches the
   behavior documented in the plugin writer's guide. As a result,
   the path to the noexec file is now specified in the sudo.conf
   file instead of the sudoers file.

 * On Solaris 10, the PRIV_PROC_EXEC privilege is now used to
   implement the "noexec" feature. Previously, this was implemented
   via the LD_PRELOAD environment variable.

 * The exit values for "sudo -l", "sudo -v" and "sudo -l command"
   have been fixed in the sudoers policy plugin.

 * The sudoers policy plugin now passes the login class, if any,
   back to the sudo front-end.

 * The sudoers policy plugin was not being linked with requisite
   libraries in certain configurations.

 * Sudo now parses command line arguments before loading any plugins.
   This allows "sudo -V" or "sudo -h" to work even if there is a problem
   with sudo.conf.

 * Plugins are now linked with the static version of libgcc to allow
   the plugin to run on a system where no shared libgcc is installed,
   or where it is installed in a different location.

What's new in Sudo 1.8.0?

 * Sudo has been refactored to use a modular framework that can
   support third-party policy and I/O logging plugins. The default
   plugin is "sudoers" which provides the traditional sudo functionality.
   See the sudo_plugin manual for details on the plugin API and the
   sample in the plugins directory for a simple example.

What's new in Sudo 1.7.5?

 * When using visudo in check mode, a file named "-" may be used to
   check sudoers data on the standard input.

 * Sudo now only fetches shadow password entries when using the
   password database directly for authentication.

 * Password and group entries are now cached using the same key
   that was used to look them up. This fixes a problem when looking
   up entries by name if the name in the retrieved entry does not
   match the name used to look it up. This may happen on some systems
   that do case-insensitive lookups or that truncate long names.

 * GCC will no longer display warnings on glibc systems that use
   the warn_unused_result attribute for write(2) and other system calls.

 * If a PAM account management module denies access, sudo now prints
   a more useful error message and stops trying to validate the user.

 * Fixed a potential hang on idle systems when the sudo-run process
   exits immediately.

 * Sudo now includes a copy of zlib that will be used on systems
   that do not have zlib installed.

 * The --with-umask-override configure flag has been added to enable
   the "umask_override" sudoers Defaults option at build time.

 * Sudo now unblocks all signals on startup to avoid problems caused
   by the parent process changing the default signal mask.

 * LDAP Sudoers entries may now specify a time period for which
   the entry is valid. This requires an updated sudoers schema
   that includes the sudoNotBefore and sudoNotAfter attributes.
   Support for timed entries must be explicitly enabled in the
   ldap.conf file. Based on changes from Andreas Mueller.

 * LDAP Sudoers entries may now specify a sudoOrder attribute that
   determines the order in which matching entries are applied. The
   last matching entry is used, just like file-based sudoers. This
   requires an updated sudoers schema that includes the sudoOrder
   attribute. Based on changes from Andreas Mueller.

 * When run as sudoedit, or when given the -e flag, sudo now treats
   command line arguments as pathnames. This means that slashes
   in the sudoers file entry must explicitly match slashes in
   the command line arguments. As a result, an entry such as:
       user ALL = sudoedit /etc/*
   will allow editing of /etc/motd but not /etc/security/default.
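
The pathname semantics described above are exactly what the FNM_PATHNAME flag of fnmatch(3) provides: with it set, a "*" in the pattern never matches a "/" in the string, so "/etc/*" covers /etc/motd but not /etc/security/default. The block below is an added example written for this page, not sudoedit's own matching code; the two-pattern policy and the paths in main() are constructed for the illustration, and loose_matches() is included only to show what the same pattern would permit without the flag.

```c
#include <fnmatch.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Example code for this page, not sudo's implementation.
 * With FNM_PATHNAME, "*" in the pattern never matches "/" in the path,
 * so each slash in the requested file must be matched by an explicit
 * slash in the sudoers entry, which is the 1.7.5 behaviour described
 * in the note. */
bool sudoedit_path_matches(const char *pattern, const char *path)
{
    return fnmatch(pattern, path, FNM_PATHNAME) == 0;
}

/* The same comparison without FNM_PATHNAME: "*" also matches "/", so
 * "/etc/*" would reach into every subdirectory of /etc. Shown only for
 * contrast with the pathname-aware check. */
bool loose_matches(const char *pattern, const char *path)
{
    return fnmatch(pattern, path, 0) == 0;
}

/* Constructed policy: two sudoedit patterns an administrator might grant. */
static const char *const example_policy[] = {
    "/etc/*",
    "/var/www/*/*.conf",
};

/* Does the constructed policy permit editing `path`? Relative paths are
 * refused outright, since every pattern is absolute. */
bool example_policy_allows(const char *path)
{
    if (path[0] != '/')
        return false;
    for (size_t i = 0; i < sizeof(example_policy) / sizeof(example_policy[0]); i++)
        if (sudoedit_path_matches(example_policy[i], path))
            return true;
    return false;
}

int main(void)
{
    const char *paths[] = { "/etc/motd", "/etc/security/default",
                            "/var/www/site1/app.conf", "/var/www/site1/sub/app.conf" };
    for (size_t i = 0; i < sizeof(paths) / sizeof(paths[0]); i++)
        printf("%-32s pathname-aware: %-3s  loose \"/etc/*\": %s\n", paths[i],
               example_policy_allows(paths[i]) ? "yes" : "no",
               loose_matches("/etc/*", paths[i]) ? "yes" : "no");
    return 0;
}
```

The second pattern shows the consequence for administrators: each directory level that should be editable needs its own "*" component, so "/var/www/*/*.conf" matches a config file one level below /var/www but not one nested deeper.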

 * NETWORK_TIMEOUT is now an alias for BIND_TIMELIMIT in ldap.conf for
   compatibility with OpenLDAP configuration files.

 * The LDAP API TIMEOUT parameter is now honored in ldap.conf.

 * The I/O log directory may now be specified in the sudoers file.

 * Sudo will no longer refuse to run if the sudoers file is writable
   by root.

 * Sudo now performs command line escaping for "sudo -s" and "sudo -i"
   after validating the command so the sudoers entries do not need
   to include the backslashes.

 * Logging and email sending are now done in the locale specified
   by the "sudoers_locale" setting ("C" by default). Email sent by
   sudo now includes MIME headers when "sudoers_locale" is not "C".

 * The configure script has a new option, --disable-env-reset, to
   allow one to change the default for the sudoers Default setting
   "env_reset" at compile time.

 * When logging "sudo -l command", sudo will now prepend "list "
   to the command in the log line to distinguish it from an
   actual command invocation in the logs.

 * Double-quoted group and user names may now include escaped double
   quotes as part of the name. Previously this was a parse error.

 * Sudo once again restores the state of the signal handlers it
   modifies before executing the command. This allows sudo to be
   used with the nohup command.

 * Resuming a suspended shell now works properly when I/O logging
   is not enabled (the I/O logging case was already correct).

What's new in Sudo 1.7.4p6?

 * A bug has been fixed in the I/O logging support that could cause
   visual artifacts in full-screen programs such as text editors.

What's new in Sudo 1.7.4p5?

 * A bug has been fixed that would allow a command to be run without the
   user entering a password when sudo's -g flag is used without the -u flag.

 * If the user has no supplementary groups, sudo will now fall back on checking
   the group file explicitly, which restores historic sudo behavior.

 * A crash has been fixed when sudo's -g flag is used without the -u flag
   and the sudoers file contains an entry with no runas user or group listed.

 * A crash has been fixed when the Solaris project support is enabled
   and sudo's -g flag is used without the -u flag.

 * Sudo no longer exits with an error when support for auditing is
   compiled in but auditing is not enabled.

 * Fixed a bug introduced in sudo 1.7.3 where the ticket file was not
   being honored when the "targetpw" sudoers Defaults option was enabled.

 * The LOG_INPUT and LOG_OUTPUT tags in sudoers are now parsed correctly.

 * A crash has been fixed in "sudo -l" when sudo is built with auditing
   support and the user is not allowed to run any commands on the host.

What's new in Sudo 1.7.4p4?

 * A potential security issue has been fixed with respect to the handling
   of sudo's -g command line option when -u is also specified. The flaw
   may allow an attacker to run commands as a user that is not authorized
   by the sudoers file.

 * A bug has been fixed where "sudo -l" output was incomplete if multiple
   sudoers sources were defined in nsswitch.conf and there was an error
   querying one of the sources.

 * The log_input, log_output, and use_pty sudoers options now work correctly
   on AIX. Previously, sudo would hang if they were enabled.

 * The "make install" target now works correctly when sudo is built in a
   directory other than the source directory.

 * The "runas_default" sudoers setting now works properly in a per-command
   Defaults line.

 * Suspending and resuming the bash shell when PAM is in use now works
   correctly. The SIGCONT signal was not propagated to the child process.

What's new in Sudo 1.7.4p3?

 * A bug has been fixed where duplicate HOME environment variables could be
   present when the env_reset setting was disabled and the always_set_home
   setting was enabled in sudoers.

 * The value of sysconfdir is now substituted into the path to the sudoers.d
   directory in the installed sudoers file.

 * Compilation problems on IRIX and other platforms have been fixed.

 * If multiple PAM "auth" actions are specified and the user enters ^C at
   the password prompt, sudo will no longer prompt for a password for any
   subsequent "auth" actions. Previously it was necessary to enter ^C for
   each "auth" action.

What's new in Sudo 1.7.4p2?

 * A bug where sudo could spin in a busy loop waiting for the child process
   has been fixed.

What's new in Sudo 1.7.4p1?

 * A bug introduced in sudo 1.7.3 that prevented the -k and -K options from
   functioning when the tty_tickets sudoers option is enabled has been fixed.

 * Sudo no longer prints a warning when the -k or -K options are specified
   and the ticket file does not exist.

 * It is now easier to cross-compile sudo.

707: What's new in Sudo 1.7.4?
708:
709: * Sudoedit will now preserve the file extension in the name of the
710: temporary file being edited. The extension is used by some
711: editors (such as emacs) to choose the editing mode.
712:
713: * Time stamp files have moved from /var/run/sudo to either /var/db/sudo,
714: /var/lib/sudo or /var/adm/sudo. The directories are checked for
715: existence in that order. This prevents users from receiving the
716: sudo lecture every time the system reboots. Time stamp files older
717: than the boot time are ignored on systems where it is possible to
718: determine this.
719:
720: * The tty_tickets sudoers option is now enabled by default.
721:
722: * Ancillary documentation (README files, LICENSE, etc) is now installed
723: in a sudo documentation directory.
724:
725: * Sudo now recognizes "tls_cacert" as an alias for "tls_cacertfile"
726: in ldap.conf.
727:
728: * Defaults settings that are tied to a user, host or command may
729: now include the negation operator. For example:
730: Defaults:!millert lecture
731: will match any user but millert.
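The following is an added example, not sudo's own parser: a small matcher that shows how the negation operator changes which Defaults lines apply to a given user and host. It models only the Defaults:user and Defaults@host forms; the command (!) and runas (>) forms, and comma-separated target lists, are left out.

```python
import re

# Defaults<type><target> <settings>, where type is ':' (user) or '@' (host)
# and target may start with '!' (negation). Defaults!command and
# Defaults>runas forms are not modelled here.
_DEFAULTS_RE = re.compile(r"^Defaults([:@])(\S+)\s+(.+)$")


def parse_defaults(line):
    """Return (kind, negated, target, [settings]) for a bound Defaults line."""
    m = _DEFAULTS_RE.match(line.strip())
    if not m:
        raise ValueError("not a user- or host-bound Defaults line: %r" % line)
    kind, target, settings = m.groups()
    negated = target.startswith("!")
    if negated:
        target = target[1:]
    return kind, negated, target, [s.strip() for s in settings.split(",")]


def defaults_applies(line, user, host):
    """True if the line's settings apply to an invocation by user on host."""
    kind, negated, target, _ = parse_defaults(line)
    subject = user if kind == ":" else host
    return (subject == target) != negated  # '!' inverts the match


def effective_settings(lines, user, host):
    """Settings contributed by every line that applies, in file order."""
    applied = []
    for line in lines:
        if defaults_applies(line, user, host):
            applied.extend(parse_defaults(line)[3])
    return applied


# Constructed sample sudoers Defaults lines (not from a real system).
SAMPLE = [
    "Defaults:!millert lecture",
    "Defaults:millert !lecture, passwd_tries=3",
    "Defaults@!buildhost requiretty",
]
```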
732:
733: * The default PATH environment variable, used when no PATH variable
734: exists, now includes /usr/sbin and /sbin.
735:
736: * Sudo now uses polypkg (http://rc.quest.com/topics/polypkg/)
737: for cross-platform packaging.
738:
739: * On Linux, sudo will now restore the nproc resource limit before
740: executing a command, unless the limit appears to have been modified
741: by pam_limits. This avoids a problem with bash scripts that open
742: more than 32 descriptors on SuSE Linux, where sysconf(_SC_CHILD_MAX)
743: will return -1 when RLIMIT_NPROC is set to RLIMIT_UNLIMITED (-1).
744:
745: * The HOME and MAIL environment variables are now reset based on the
746: target user's password database entry when the env_reset sudoers option
747: is enabled (which is the case in the default configuration). Users
748: wishing to preserve the original values should use a sudoers entry like:
749: Defaults env_keep += HOME
750: to preserve the old value of HOME and
751: Defaults env_keep += MAIL
752: to preserve the old value of MAIL.
753:
754: * Fixed a problem in the restoration of the AIX authdb registry setting.
755:
756: * Sudo will now fork(2) and wait until the command has completed before
757: calling pam_close_session().
758:
759: * The default syslog facility is now "authpriv" if the operating system
760: supports it, else "auth".
761:
762: What's new in Sudo 1.7.3?
763:
764: * Support for logging I/O for the command being run.
765: For more information, see the documentation for the "log_input"
766: and "log_output" Defaults options in the sudoers manual. Also
767: see the sudoreplay manual for how to replay I/O log sessions.
768:
769: * The use_pty sudoers option can be used to force a command to be
770: run in a pseudo-pty, even when I/O logging is not enabled.
771:
772: * On some systems, sudo can now detect when a user has logged out
773: and back in again when tty-based time stamps are in use. Supported
774: systems include Solaris systems with the devices file system,
775: Mac OS X, and Linux systems with the devpts filesystem (pseudo-ttys
776: only).
777:
778: * On AIX systems, the registry setting in /etc/security/user is
779: now taken into account when looking up users and groups. Sudo
780: now applies the correct user and group ids when running a
781: command as a user whose account details come from a different
782: source (e.g. LDAP or DCE vs. local files).
783:
784: * Support for multiple 'sudoers_base' and 'uri' entries in ldap.conf.
785: When multiple entries are listed, sudo will try each one in the
786: order in which they are specified.
787:
788: * Sudo's SELinux support should now function correctly when running
789: commands as a non-root user and when one of stdin, stdout or stderr
790: is not a terminal.
791:
792: * Sudo will now use the Linux audit system when configured with
793: the --with-linux-audit flag.
794:
795: * Sudo now uses mbr_check_membership() on systems that support it
796: to determine group membership. Currently, only Darwin (Mac OS X)
797: supports this.
798:
799: * When the tty_tickets sudoers option is enabled but there is no
800: terminal device, sudo will no longer use or create a tty-based
801: ticket file. Previously, sudo would use a tty name of "unknown".
802: As a consequence, if a user has no terminal device, sudo will
803: now always prompt for a password.
804:
805: * The passwd_timeout and timestamp_timeout options may now be
806: specified as floating point numbers for more granular timeout
807: values.
808:
809: * Negating the fqdn option in sudoers now works correctly when sudo
810: is configured with the --with-fqdn option. In previous versions
811: of sudo the fqdn was set before sudoers was parsed.
812:
813: What's new in Sudo 1.7.2?
814:
815: * A new #includedir directive is available in sudoers. This can be
816: used to implement an /etc/sudo.d directory. Files in an includedir
817: are not edited by visudo unless they contain a syntax error.
818:
819: * The -g option did not work properly when only setting the group
820: (and not the user). Also, in -l mode the wrong user was displayed
821: for sudoers entries where only the group was allowed to be set.
822:
823: * Fixed a problem with the alias checking in visudo which
824: could prevent visudo from exiting.
825:
826: * Sudo will now correctly parse the shell-style /etc/environment
827: file format used by pam_env on Linux.
828:
829: * When doing password and group database lookups, sudo will only
830: cache an entry by name or by id, depending on how the entry was
831: looked up. Previously, sudo would cache by both name and id
832: from a single lookup, but this breaks sites that have multiple
833: password or group database names that map to the same uid or
834: gid.
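An added example (not sudo's code) of why caching by both keys from one lookup breaks such sites. It uses a constructed passwd table in which "root" and "toor" share uid 0 and contrasts the old behaviour with the fixed one.

```python
from collections import namedtuple

# Constructed sample passwd database (not from a real system): "root" and
# "toor" share uid 0, as on many BSD systems.
Passwd = namedtuple("Passwd", "name uid")
PASSWD_DB = [Passwd("root", 0), Passwd("toor", 0), Passwd("millert", 1000)]


def getpwnam_db(name):
    """Stand-in for getpwnam(3): first entry with this name, else None."""
    return next((pw for pw in PASSWD_DB if pw.name == name), None)


def getpwuid_db(uid):
    """Stand-in for getpwuid(3): first entry with this uid, else None."""
    return next((pw for pw in PASSWD_DB if pw.uid == uid), None)


class PasswdCache:
    """Caching front end. cache_both=True models the pre-1.7.2 behaviour
    (one lookup fills both the by-name and by-uid caches); False models
    the fixed behaviour (an entry is cached only under the key used)."""

    def __init__(self, cache_both):
        self.cache_both = cache_both
        self.by_name = {}
        self.by_uid = {}

    def getpwnam(self, name):
        if name not in self.by_name:
            pw = getpwnam_db(name)
            self.by_name[name] = pw
            if self.cache_both and pw is not None:
                self.by_uid[pw.uid] = pw  # taints later uid lookups
        return self.by_name[name]

    def getpwuid(self, uid):
        if uid not in self.by_uid:
            pw = getpwuid_db(uid)
            self.by_uid[uid] = pw
            if self.cache_both and pw is not None:
                self.by_name[pw.name] = pw
        return self.by_uid[uid]


def uid0_name_after_toor_lookup(cache_both):
    """Look up "toor" by name, then ask the cache who uid 0 is."""
    cache = PasswdCache(cache_both)
    cache.getpwnam("toor")
    return cache.getpwuid(0).name
```

With the old scheme the by-name lookup of "toor" answers later uid 0 queries with "toor" instead of the database's "root".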
835:
836: * User and group names in sudoers may now be enclosed in double
837: quotes to avoid having to escape special characters.
838:
839: * BSM audit fixes when changing to a non-root uid.
840:
841: * Experimental non-Unix group support. Currently only works with
842: Quest Authorization Services and allows Active Directory groups.
842:
843: * Fixes for Minix-3.
844:
845: * For Netscape/Mozilla-derived LDAP SDKs the certificate and key
846: paths may be specified as a directory or a file. However, version
847: 5.0 of the SDK only appears to support using a directory (despite
848: documentation to the contrary). If SSL client initialization
849: fails and the certificate or key paths look like they could be
850: a default file name, strip off the last path element and try again.
851:
852: * A setenv() compatibility fix for Linux systems, where a NULL
853: value is treated the same as an empty string and the variable
854: name is checked against the NULL pointer.
855:
856: What's new in Sudo 1.7.1?
857:
858: * A new Defaults option "pwfeedback" will cause sudo to provide visual
859: feedback when the user is entering a password.
860:
861: * A new Defaults option "fast_glob" will cause sudo to use the fnmatch()
862: function for file name globbing instead of glob(). When this option
863: is enabled, sudo will not check the file system when expanding wildcards.
864: This is faster but a side effect is that relative paths with wildcards
865: will no longer work.
866:
867: * New BSM audit support for systems that support it such as FreeBSD
868: and Mac OS X.
869:
870: * The file name specified with the #include directive may now include
871: a %h escape which is expanded to the short form of the hostname.
872:
873: * The -k flag may now be specified along with a command, causing the
874: user's timestamp file to be ignored.
875:
876: * New support for Tivoli-based LDAP START_TLS, present in AIX.
877:
878: * New support for /etc/netsvc.conf on AIX.
879:
880: * The unused alias checks in visudo now handle the case of an alias
881: referring to another alias.
882:
883: What's new in Sudo 1.7.0?
884:
885: * Rewritten parser that converts sudoers into a set of data structures.
886: This eliminates a number of ordering issues and makes it possible to
887: apply sudoers Defaults entries before searching for the command.
888: It also adds support for per-command Defaults specifications.
889:
890: * Sudoers now supports a #include facility to allow the inclusion of other
891: sudoers-format files.
892:
893: * Sudo's -l (list) flag has been enhanced:
894: o applicable Defaults options are now listed
895: o a command argument can be specified for testing whether a user
896: may run a specific command.
897: o a new -U flag can be used in conjunction with "sudo -l" to allow
898: root (or a user with "sudo ALL") to list another user's privileges.
899:
900: * A new -g flag has been added to allow the user to specify a
901: primary group to run the command as. The sudoers syntax has been
902: extended to include a group section in the Runas specification.
903:
904: * A uid may now be used anywhere a username is valid.
905:
906: * The "secure_path" run-time Defaults option has been restored.
907:
908: * Password and group data is now cached for fast lookups.
909:
910: * The file descriptor at which sudo starts closing all open files is now
911: configurable via sudoers and, optionally, the command line.
912:
913: * Visudo will now warn about aliases that are defined but not used.
914:
915: * The -i and -s command line flags now take an optional command
916: to be run via the shell. Previously, the argument was passed
917: to the shell as a script to run.
918:
919: * Improved LDAP support. SASL authentication may now be used
920: when connecting to an LDAP server. The krb5_ccname
921: parameter in ldap.conf may be used to enable Kerberos.
922:
923: * Support for /etc/nsswitch.conf. LDAP users may now use nsswitch.conf
924: to specify the sudoers order. E.g.:
925: sudoers: ldap files
926: to check LDAP, then /etc/sudoers. The default is "files", even
927: when LDAP support is compiled in. This differs from sudo 1.6
928: where LDAP was always consulted first.
929:
930: * Support for /etc/environment on AIX and Linux. If sudo is run
931: with the -i flag, the contents of /etc/environment are used to
932: populate the new environment that is passed to the command being
933: run.
934:
935: * If no terminal is available or if the new -A flag is specified,
936: sudo will use a helper program to read the password if one is
937: configured. Typically, this is a graphical password prompter
938: such as ssh-askpass.
939:
940: * A new Defaults option, "mailfrom" that sets the value of the
941: "From:" field in the warning/error mail. If unspecified, the
942: login name of the invoking user is used.
943:
944: * A new Defaults option, "env_file" that refers to a file containing
945: environment variables to be set in the command being run.
946:
947: * A new flag, -n, may be used to indicate that sudo should not
948: prompt the user for a password and, instead, exit with an error
949: if authentication is required.
950:
951: * If sudo needs to prompt for a password and it is unable to disable
952: echo (and no askpass program is defined), it will refuse to run
953: unless the "visiblepw" Defaults option has been specified.
954:
955: * Prior to version 1.7.0, hitting enter/return at the Password: prompt
956: would exit sudo. In sudo 1.7.0 and beyond, this is treated as
957: an empty password. To exit sudo, the user must press ^C or ^D
958: at the prompt.
959:
960: * visudo will now check the sudoers file owner and mode in -c (check)
961: mode when the -s (strict) flag is specified.
962:
963: * A new Defaults option "umask_override" will cause sudo to set the
964: umask specified in sudoers even if it is more permissive than the
965: invoking user's umask.