Annotation of embedaddon/sudo/NEWS, revision 1.1.1.4
1.1.1.4 ! misho 1: What's new in Sudo 1.8.7?
! 2:
! 3: * The non-Unix group plugin is now supported when sudoers data
! 4: is stored in LDAP.
! 5:
! 6: * Sudo now uses a workaround for a locale bug on Solaris 11.0
! 7: that prevents setuid programs like sudo from fully using locales.
! 8:
! 9: * User messages are now always displayed in the user's locale,
! 10: even when the same message is being logged or mailed in a
! 11: different locale.
! 12:
! 13: * Log files created by sudo now explicitly have the group set
! 14: to group ID 0 rather than relying on BSD group semantics (which
! 15: may not be the default).
! 16:
! 17: * A new "exec_background" sudoers option can be used to initially
! 18: run the command without read access to the terminal when running
! 19: a command in a pseudo-tty. If the command tries to read from
! 20: the terminal it will be stopped by the kernel (via SIGTTIN or
! 21: SIGTTOU) and sudo will immediately restart it as the forground
! 22: process (if possible). This allows sudo to only pass terminal
! 23: input to the program if the program actually is expecting it.
! 24: Unfortunately, a few poorly-behaved programs (like "su" on most
! 25: Linux systems) do not handle SIGTTIN and SIGTTOU properly.
! 26:
! 27: * Sudo now uses an efficient group query to get all the groups
! 28: for a user instead of iterating over every record in the group
! 29: database on HP-UX and Solaris.
! 30:
! 31: * Sudo now produces better error messages when there is an error
! 32: in the sudo.conf file.
! 33:
! 34: * Two new settings have been added to sudo.conf to give the admin
! 35: better control of how group database queries are performed. The
! 36: "group_source" specifies how the group list for a user will be
! 37: determined. Legal values are "static" (use the kernel groups
! 38: list), "dynamic" (perform a group database query) and "adaptive"
! 39: (only perform a group database query if the kernel list is full).
! 40: The "max_groups" specifies the maximum number of groups a user may
! 41: belong to when performing a group database query.
! 42:
! 43: * The sudo.conf file now supports line continuation by using a
! 44: backslash as the last character on the line.
! 45:
! 46: * There is now a standalone sudo.conf manual page.
! 47:
! 48: * Sudo now stores its libexec files in a "sudo" subdirectory instead
! 49: of in libexec itself. For backwards compatibility, if the plugin
! 50: is not found in the default plugin directory, sudo will check
! 51: the parent directory if the default directory ends in "/sudo".
! 52:
! 53: * The sudoers I/O logging plugin now logs the terminal size.
! 54:
! 55: * A new sudoers option "maxseq" can be used to limit the number of
! 56: I/O log entries that are stored.
! 57:
! 58: * The "system_group" and "group_file" sudoers group provider plugins
! 59: are now installed by default.
! 60:
! 61: * The list output (sudo -l) output from the sudoers plugin is now
! 62: less ambiguous when an entry includes different runas users.
! 63: The long list output (sudo -ll) for file-based sudoers is now
! 64: more consistent with the format of LDAP-based sudoers.
! 65:
! 66: * A uid may now be used in the sudoRunAsUser attributes for LDAP
! 67: sudoers.
! 68:
! 69: * Minor plugin API change: the close and version functions are now
! 70: optional. If the policy plugin does not provide a close function
! 71: and the command is not being run in a new pseudo-tty, sudo may
! 72: now execute the command directly instead of in a child process.
! 73:
! 74: * A new sudoers option "pam_session" can be used to disable sudo's
! 75: PAM session support.
! 76:
! 77: * On HP-UX systems, sudo will now use the pstat() function to
! 78: determine the tty instead of ttyname().
! 79:
! 80: * Turkish translation for sudo and sudoers from translationproject.org.
! 81:
! 82: * Dutch translation for sudo and sudoers from translationproject.org.
! 83:
! 84: * Tivoli Directory Server client libraries may now be used with
! 85: HP-UX where libibmldap has a hidden dependency on libCsup.
! 86:
! 87: * The sudoers plugin will now ignore invalid domain names when
! 88: checking netgroup membership. Most Linux systems use the string
! 89: "(none)" for the NIS-style domain name instead of an empty string.
! 90:
! 91: * New support for specifying a SHA-2 digest along with the command
! 92: in sudoers. Supported hash types are sha224, sha256, sha384 and
! 93: sha512. See the description of Digest_Spec in the sudoers manual
! 94: or the description of sudoCommand in the sudoers.ldap manual for
! 95: details.
! 96:
! 97: * The paths to ldap.conf and ldap.secret may now be specified as
! 98: arguments to the sudoers plugin in the sudo.conf file.
! 99:
! 100: * Fixed potential false positives in visudo's alias cycle detection.
! 101:
! 102: * Fixed a problem where the time stamp file was being treated
! 103: as out of date on Linux systems where the change time on the
! 104: pseudo-tty device node can change after it is allocated.
! 105:
! 106: * Sudo now only builds Position Independent Executables (PIE)
! 107: by default on Linux systems and verifies that a trivial test
! 108: program builds and runs.
! 109:
! 110: * On Solaris 11.1 and higher, sudo binaries will now have the
! 111: ASLR tag enabled if supported by the linker.
! 112:
! 113: What's new in Sudo 1.8.6p8?
! 114:
! 115: * Terminal detection now works properly on 64-bit AIX kernels.
! 116: This was broken by the removal of the ttyname() fallback in Sudo
! 117: 1.8.6p6. Sudo is now able to map an AIX 64-bit device number
! 118: to the corresponding device file in /dev.
! 119:
! 120: * Sudo now checks for crypt() returning NULL when performing
! 121: passwd-based authentication.
! 122:
! 123: What's new in Sudo 1.8.6p7?
! 124:
! 125: * A time stamp file with the date set to the epoch by "sudo -k"
! 126: is now completely ignored regardless of what the local clock is
! 127: set to. Previously, if the local clock was set to a value between
! 128: the epoch and the time stamp timeout value, a time stamp reset
! 129: by "sudo -k" would be considered current.
! 130:
! 131: * The tty-specific time stamp file now includes the session ID
! 132: of the sudo process that created it. If a process with the same
! 133: tty but a different session ID runs sudo, the user will now be
! 134: prompted for a password (assuming authentication is required for
! 135: the command).
! 136:
! 137: What's new in Sudo 1.8.6p6?
! 138:
! 139: * On systems where the controlling tty can be determined via /proc
! 140: or sysctl(), sudo will no longer fall back to using ttyname()
! 141: if the process has no controlling tty. This prevents sudo from
! 142: using a non-controlling tty for logging and time stamp purposes.
! 143:
! 144: What's new in Sudo 1.8.6p5?
! 145:
! 146: * Fixed a potential crash in visudo's alias cycle detection.
! 147:
! 148: * Improved performance on Solaris when retrieving the group list
! 149: for the target user. On systems with a large number of groups
! 150: where the group database is not local (NIS, LDAP, AD), fetching
! 151: the group list could take a minute or more.
! 152:
! 153: What's new in Sudo 1.8.6p4?
! 154:
! 155: * The -fstack-protector is now used when linking visudo, sudoreplay
! 156: and testsudoers.
! 157:
! 158: * Avoid building PIE binaries on FreeBSD/ia64 as they don't run
! 159: properly.
! 160:
! 161: * Fixed a crash in visudo strict mode when an unknown Defaults
! 162: setting is encountered.
! 163:
! 164: * Do not inform the user that the command was not permitted by the
! 165: policy if they do not successfully authenticate. This is a
! 166: regression introduced in sudo 1.8.6.
! 167:
! 168: * Allow sudo to be build with sss support without also including
! 169: ldap support.
! 170:
! 171: * Fix running commands that need the terminal in the background
! 172: when I/O logging is enabled. E.g. "sudo vi &". When the command
! 173: is foregrounded, it will now resume properly.
! 174:
1.1.1.3 misho 175: What's new in Sudo 1.8.6p3?
176:
177: * Fixed post-processing of the man pages on systems with legacy
178: versions of sed.
179:
180: * Fixed "sudoreplay -l" on Linux systems with file systems that
181: set DT_UNKNOWN in the d_type field of struct dirent.
182:
183: What's new in Sudo 1.8.6p2?
184:
185: * Fixed suspending a command after it has already been resumed
186: once when I/O logging (or use_pty) is not enabled.
187: This was a regression introduced in version 1.8.6.
188:
189: What's new in Sudo 1.8.6p1?
190:
191: * Fixed the setting of LOGNAME, USER and USERNAME variables in the
192: command's environment when env_reset is enabled (the default).
193: This was a regression introduced in version 1.8.6.
194:
195: * Sudo now honors SUCCESS=return in /etc/nsswitch.conf.
196:
197: What's new in Sudo 1.8.6?
198:
199: * Sudo is now built with the -fstack-protector flag if the the
200: compiler supports it. Also, the -zrelro linker flag is used if
201: supported. The --disable-hardening configure option can be used
202: to build sudo without stack smashing protection.
203:
204: * Sudo is now built as a Position Independent Executable (PIE)
205: if supported by the compiler and linker.
206:
207: * If the user is a member of the "exempt" group in sudoers, they
208: will no longer be prompted for a password even if the -k flag
209: is specified with the command. This makes "sudo -k command"
210: consistent with the behavior one would get if the user ran "sudo
211: -k" immediately before running the command.
212:
213: * The sudoers file may now be a symbolic link. Previously, sudo
214: would refuse to read sudoers unless it was a regular file.
215:
216: * The sudoreplay command can now properly replay sessions where
217: no tty was present.
218:
219: * The sudoers plugin now takes advantage of symbol visibility
220: controls when supported by the compiler or linker. As a result,
221: only a small number of symbols are exported which significantly
222: reduces the chances of a conflict with other shared objects.
223:
224: * Improved support for the Tivoli Directory Server LDAP client
225: libraries. This includes support for using LDAP over SSL (ldaps)
226: as well as support for the BIND_TIMELIMIT, TLS_KEY and TLS_CIPHERS
227: ldap.conf options. A new ldap.conf option, TLS_KEYPW can be
228: used to specify a password to decrypt the key database.
229:
1.1.1.4 ! misho 230: * When constructing a time filter for use with LDAP sudoNotBefore
1.1.1.3 misho 231: and sudoNotAfter attributes, the current time now includes tenths
232: of a second. This fixes a problem with timed entries on Active
233: Directory.
234:
235: * If a user fails to authenticate and the command would be rejected
236: by sudoers, it is now logged with "command not allowed" instead
237: of "N incorrect password attempts". Likewise, the "mail_no_perms"
238: sudoers option now takes precedence over "mail_badpass".
239:
240: * The sudo manuals are now formatted using the mdoc macros. Versions
241: using the legacy man macros are provided for systems that lack mdoc.
242:
243: * New support for Solaris privilege sets. This makes it possible
244: to specify fine-grained privileges in the sudoers file on Solaris
245: 10 and above. A Runas_Spec that contains no Runas_Lists can be
246: used to give a user the ability to run a command as themselves
247: but with an expanded privilege set.
248:
249: * Fixed a problem with the reboot and shutdown commands on some
250: systems (such as HP-UX and BSD). On these systems, reboot sends
251: all processes (except itself) SIGTERM. When sudo received
252: SIGTERM, it would relay it to the reboot process, thus killing
253: reboot before it had a chance to actually reboot the system.
254:
255: * Support for using the System Security Services Daemon (SSSD) as
256: a source of sudoers data.
257:
258: * Slovenian translation for sudo and sudoers from translationproject.org.
259:
260: * Visudo will now warn about unknown Defaults entries that are
261: per-host, per-user, per-runas or per-command.
262:
263: * Fixed a race condition that could cause sudo to receive SIGTTOU
264: (and stop) when resuming a shell that was run via sudo when I/O
265: logging (and use_pty) is not enabled.
266:
267: * Sending SIGTSTP directly to the sudo process will now suspend the
268: running command when I/O logging (and use_pty) is not enabled.
269:
270: What's new in Sudo 1.8.5p3?
271:
272: * Fixed the loading of I/O plugins that conform to a plugin API
273: version older than 1.2.
274:
275: What's new in Sudo 1.8.5p2?
276:
277: * Fixed use of the SUDO_ASKPASS environment variable which was
278: broken in Sudo 1.8.5.
279:
280: * Fixed a problem reading the sudoers file when the file mode is
281: more restrictive than the expected mode. For example, when the
282: expected sudoers file mode is 0440 but the actual mode is 0400.
283:
1.1.1.2 misho 284: What's new in Sudo 1.8.5p1?
285:
286: * Fixed a bug that prevented files in an include directory from
287: being evaluated.
288:
289: What's new in Sudo 1.8.5?
290:
291: * When "noexec" is enabled, sudo_noexec.so will now be prepended
292: to any existing LD_PRELOAD variable instead of replacing it.
293:
294: * The sudo_noexec.so shared library now wraps the execvpe(),
295: exect(), posix_spawn() and posix_spawnp() functions.
296:
297: * The user/group/mode checks on sudoers files have been relaxed.
298: As long as the file is owned by the sudoers uid, not world-writable
299: and not writable by a group other than the sudoers gid, the file
300: is considered OK. Note that visudo will still set the mode to
301: the value specified at configure time.
302:
303: * It is now possible to specify the sudoers path, uid, gid and
304: file mode as options to the plugin in the sudo.conf file.
305:
306: * Croatian, Galician, German, Lithuanian, Swedish and Vietnamese
307: translations from translationproject.org.
308:
309: * /etc/environment is no longer read directly on Linux systems
310: when PAM is used. Sudo now merges the PAM environment into the
311: user's environment which is typically set by the pam_env module.
312:
313: * The initial evironment created when env_reset is in effect now
314: includes the contents of /etc/environment on AIX systems and the
315: "setenv" and "path" entries from /etc/login.conf on BSD systems.
316:
317: * The plugin API has been extended in three ways. First, options
318: specified in sudo.conf after the plugin pathname are passed to
319: the plugin's open function. Second, sudo has limited support
320: for hooks that can be used by plugins. Currently, the hooks are
321: limited to environment handling functions. Third, the init_session
322: policy plugin function is passed a pointer to the user environment
323: which can be updated during session setup. The plugin API version
324: has been incremented to version 1.2. See the sudo_plugin manual
325: for more information.
326:
327: * The policy plugin's init_session function is now called by the
328: parent sudo process, not the child process that executes the
329: command. This allows the PAM session to be open and closed in
330: the same process, which some PAM modules require.
331:
332: * Fixed parsing of "Path askpass" and "Path noexec" in sudo.conf,
333: which was broken in version 1.8.4.
334:
335: * On systems with an SVR4-style /proc file system, the /proc/pid/psinfo
336: file is now uses to determine the controlling terminal, if possible.
337: This allows tty-based tickets to work properly even when, e.g.
338: standard input, output and error are redirected to /dev/null.
339:
340: * The output of "sudoreplay -l" is now sorted by file name (or
341: sequence number). Previously, entries were displayed in the
342: order in which they were found on the file system.
343:
344: * Sudo now behaves properly when I/O logging is enabled and the
345: controlling terminal is revoked (e.g. the running sshd is killed).
346: Previously, sudo may have exited without calling the I/O plugin's
347: close function which can lead to an incomplete I/O log.
348:
349: * Sudo can now detect when a user has logged out and back in again
350: on Solaris 11, just like it can on Solaris 10.
351:
352: * The built-in zlib included with Sudo has been upgraded to version
353: 1.2.6.
354:
355: * Setting the SSL parameter to start_tls in ldap.conf now works
356: properly when using Mozilla-based SDKs that support the
357: ldap_start_tls_s() function.
358:
359: * The TLS_CHECKPEER parameter in ldap.conf now works when the
360: Mozilla NSS crypto backend is used with OpenLDAP.
361:
362: * A new group provider plugin, system_group, is included which
363: performs group look ups by name using the system groups database.
364: This can be used to restore the pre-1.7.3 sudo group lookup
365: behavior.
366:
367: What's new in Sudo 1.8.4p5?
368:
369: * Fixed a bug when matching against an IP address with an associated
370: netmask in the sudoers file. In certain circumstances, this
371: could allow users to run commands on hosts they are not authorized
372: for.
373:
374: What's new in Sudo 1.8.4p4?
375:
376: * Fixed a bug introduced in Sudo 1.8.4 which prevented "sudo -v"
377: from working.
378:
379: What's new in Sudo 1.8.4p3?
380:
381: * Fixed a crash on FreeBSD when no tty is present.
382:
383: * Fixed a bug introduced in Sudo 1.8.4 that allowed users to
384: specify environment variables to set on the command line without
385: having sudo "ALL" permissions or the "SETENV" tag.
386:
387: * When visudo is run with the -c (check) option, the sudoers
388: file(s) owner and mode are now also checked unless the -f option
389: was specified.
390:
391: What's new in Sudo 1.8.4p2?
392:
393: * Fixed a bug introduced in Sudo 1.8.4 where insufficient space
394: was allocated for group IDs in the LDAP filter.
395:
396: * Fixed a bug introduced in Sudo 1.8.4 where the path to sudo.conf
397: was "/sudo.conf" instead of "/etc/sudo.conf".
398:
399: * Fixed a bug introduced in Sudo 1.8.4 which could cause a hang
400: when I/O logging is enabled and input is from a pipe or file.
401:
402: What's new in Sudo 1.8.4p1?
403:
404: * Fixed a bug introduced in sudo 1.8.4 that broke adding to or
405: deleting from the env_keep, env_check and env_delete lists in
406: sudoers on some platforms.
407:
408: What's new in Sudo 1.8.4?
409:
410: * The -D flag in sudo has been replaced with a more general debugging
411: framework that is configured in sudo.conf.
412:
413: * Fixed a false positive in visudo strict mode when aliases are
414: in use.
415:
416: * Fixed a crash with "sudo -i" when a runas group was specified
417: without a runas user.
418:
419: * The line on which a syntax error is reported in the sudoers file
420: is now more accurate. Previously it was often off by a line.
421:
422: * Fixed a bug where stack garbage could be printed at the end of
423: the lecture when the "lecture_file" option was enabled.
424:
425: * "make install" now honors the LINGUAS environment variable.
426:
427: * The #include and #includedir directives in sudoers now support
428: relative paths. If the path is not fully qualified it is expected
429: to be located in the same directory of the sudoers file that is
430: including it.
431:
432: * Serbian and Spanish translations for sudo from translationproject.org.
433:
434: * LDAP-based sudoers may now access by group ID in addition to
435: group name.
436:
437: * visudo will now fix the mode on the sudoers file even if no changes
438: are made unless the -f option is specified.
439:
440: * The "use_loginclass" sudoers option works properly again.
441:
442: * On systems that use login.conf, "sudo -i" now sets environment
443: variables based on login.conf.
444:
445: * For LDAP-based sudoers, values in the search expression are now
446: escaped as per RFC 4515.
447:
448: * The plugin close function is now properly called when a login
449: session is killed (as opposed to the actual command being killed).
450: This can happen when an ssh session is disconnected or the
451: terminal window is closed.
452:
453: * The deprecated "noexec_file" sudoers option is no longer supported.
454:
455: * Fixed a race condition when I/O logging is not enabled that could
456: result in tty-generated signals (e.g. control-C) being received
457: by the command twice.
458:
459: * If none of the standard input, output or error are connected to
460: a tty device, sudo will now check its parent's standard input,
461: output or error for the tty name on systems with /proc and BSD
462: systems that support the KERN_PROC_PID sysctl. This allows
463: tty-based tickets to work properly even when, e.g. standard
464: input, output and error are redirected to /dev/null.
465:
466: * Added the --enable-kerb5-instance configure option to allow
467: people using Kerberos V authentication to specify a custom
468: instance so the principal name can be, e.g. "username/sudo"
469: similar to how ksu uses "username/root".
470:
471: * Fixed a bug where a pattern like "/usr/*" included /usr/bin/ in
472: the results, which would be incorrectly be interpreted as if the
473: sudoers file had specified a directory.
474:
475: * "visudo -c" will now list any include files that were checked
476: in addition to the main sudoers file when everything parses OK.
477:
478: * Users that only have read-only access to the sudoers file may
479: now run "visudo -c". Previously, write permissions were required
480: even though no writing is down in check-only mode.
481:
482: * It is now possible to prevent the disabling of core dumps from
483: within sudo itself by adding a line to the sudo.conf file like
484: "Set disable_coredump false".
485:
1.1 misho 486: What's new in Sudo 1.8.3p2?
487:
488: * Fixed a format string vulnerability when the sudo binary (or a
489: symbolic link to the sudo binary) contains printf format escapes
490: and the -D (debugging) flag is used.
491:
492: What's new in Sudo 1.8.3p1?
493:
494: * Fixed a crash in the monitor process on Solaris when NOPASSWD
495: was specified or when authentication was disabled.
1.1.1.4 ! misho 496:
1.1 misho 497: * Fixed matching of a Runas_Alias in the group section of a
498: Runas_Spec.
499:
500: What's new in Sudo 1.8.3?
501:
502: * Fixed expansion of strftime() escape sequences in the "log_dir"
503: sudoers setting.
504:
505: * Esperanto, Italian and Japanese translations from translationproject.org.
506:
507: * Sudo will now use PAM by default on AIX 6 and higher.
508:
509: * Added --enable-werror configure option for gcc's -Werror flag.
510:
511: * Visudo no longer assumes all editors support the +linenumber
512: command line argument. It now uses a whitelist of editors known
513: to support the option.
514:
515: * Fixed matching of network addresses when a netmask is specified
516: but the address is not the first one in the CIDR block.
517:
518: * The configure script now check whether or not errno.h declares
519: the errno variable. Previously, sudo would always declare errno
520: itself for older systems that don't declare it in errno.h.
521:
522: * The NOPASSWD tag is now honored for denied commands too, which
523: matches historic sudo behavior (prior to sudo 1.7.0).
524:
525: * Sudo now honors the "DEREF" setting in ldap.conf which controls
526: how alias dereferencing is done during an LDAP search.
527:
528: * A symbol conflict with the pam_ssh_agent_auth PAM module that
529: would cause a crash been resolved.
530:
531: * The inability to load a group provider plugin is no longer
532: a fatal error.
533:
534: * A potential crash in the utmp handling code has been fixed.
535:
536: * Two PAM session issues have been resolved. In previous versions
537: of sudo, the PAM session was opened as one user and closed as
538: another. Additionally, if no authentication was performed, the
539: PAM session would never be closed.
540:
541: * Sudo will now work correctly with LDAP-based sudoers using TLS
542: or SSL on Debian systems.
543:
544: * The LOGNAME, USER and USERNAME environment variables are preserved
545: correctly again in sudoedit mode.
546:
547: What's new in Sudo 1.8.2?
548:
549: * Sudo, visudo, sudoreplay and the sudoers plug-in now have natural
550: language support (NLS). This can be disabled by passing configure
551: the --disable-nls option. Sudo will use gettext(), if available,
552: to display translated messages. All translations are coordinated
553: via The Translation Project, http://translationproject.org/.
554:
555: * Plug-ins are now loaded with the RTLD_GLOBAL flag instead of
556: RTLD_LOCAL. This fixes missing symbol problems in PAM modules
557: on certain platforms, such as FreeBSD and SuSE Linux Enterprise.
558:
559: * I/O logging is now supported for commands run in background mode
560: (using sudo's -b flag).
561:
562: * Group ownership of the sudoers file is now only enforced when
563: the file mode on sudoers allows group readability or writability.
564:
565: * Visudo now checks the contents of an alias and warns about cycles
566: when the alias is expanded.
567:
1.1.1.2 misho 568: * If the user specifies a group via sudo's -g option that matches
1.1 misho 569: the target user's group in the password database, it is now
570: allowed even if no groups are present in the Runas_Spec.
571:
572: * The sudo Makefiles now have more complete dependencies which are
573: automatically generated instead of being maintained manually.
574:
575: * The "use_pty" sudoers option is now correctly passed back to the
576: sudo front end. This was missing in previous versions of sudo
577: 1.8 which prevented "use_pty" from being honored.
578:
579: * "sudo -i command" now works correctly with the bash version
580: 2.0 and higher. Previously, the .bash_profile would not be
581: sourced prior to running the command unless bash was built with
582: NON_INTERACTIVE_LOGIN_SHELLS defined.
583:
584: * When matching groups in the sudoers file, sudo will now match
585: based on the name of the group instead of the group ID. This can
586: substantially reduce the number of group lookups for sudoers
587: files that contain a large number of groups.
588:
589: * Multi-factor authentication is now supported on AIX.
590:
591: * Added support for non-RFC 4517 compliant LDAP servers that require
592: that seconds be present in a timestamp, such as Tivoli Directory Server.
593:
594: * If the group vector is to be preserved, the PATH search for the
595: command is now done with the user's original group vector.
596:
597: * For LDAP-based sudoers, the "runas_default" sudoOption now works
598: properly in a sudoRole that contains a sudoCommand.
599:
600: * Spaces in command line arguments for "sudo -s" and "sudo -i" are
601: now escaped with a backslash when checking the security policy.
602:
603: What's new in Sudo 1.8.1p2?
604:
605: * Two-character CIDR-style IPv4 netmasks are now matched correctly
606: in the sudoers file.
607:
608: * A build error with MIT Kerberos V has been resolved.
609:
610: * A crash on HP-UX in the sudoers plugin when wildcards are
611: present in the sudoers file has been resolved.
612:
613: * Sudo now works correctly on Tru64 Unix again.
614:
615: What's new in Sudo 1.8.1p1?
616:
617: * Fixed a problem on AIX where sudo was unable to set the final
618: uid if the PAM module modified the effective uid.
619:
620: * A non-existent includedir is now treated the same as an empty
621: directory and not reported as an error.
622:
623: * Removed extraneous parens in LDAP filter when sudoers_search_filter
624: is enabled that can cause an LDAP search error.
625:
626: * Fixed a "make -j" problem for "make install".
627:
628: What's new in Sudo 1.8.1?
629:
630: * A new LDAP setting, sudoers_search_filter, has been added to
631: ldap.conf. This setting can be used to restrict the set of
632: records returned by the LDAP query. Based on changes from Matthew
633: Thomas.
634:
635: * White space is now permitted within a User_List when used in
636: conjunction with a per-user Defaults definition.
637:
638: * A group ID (%#gid) may now be specified in a User_List or Runas_List.
639: Likewise, for non-Unix groups the syntax is %:#gid.
640:
641: * Support for double-quoted words in the sudoers file has been fixed.
642: The change in 1.7.5 for escaping the double quote character
643: caused the double quoting to only be available at the beginning
644: of an entry.
645:
646: * The fix for resuming a suspended shell in 1.7.5 caused problems
647: with resuming non-shells on Linux. Sudo will now save the process
648: group ID of the program it is running on suspend and restore it
649: when resuming, which fixes both problems.
650:
651: * A bug that could result in corrupted output in "sudo -l" has been
652: fixed.
653:
654: * Sudo will now create an entry in the utmp (or utmpx) file when
655: allocating a pseudo-tty (e.g. when logging I/O). The "set_utmp"
656: and "utmp_runas" sudoers file options can be used to control this.
657: Other policy plugins may use the "set_utmp" and "utmp_user"
658: entries in the command_info list.
659:
660: * The sudoers policy now stores the TSID field in the logs
661: even when the "iolog_file" sudoers option is defined to a value
662: other than %{sessid}. Previously, the TSID field was only
663: included in the log file when the "iolog_file" option was set
664: to its default value.
665:
666: * The sudoreplay utility now supports arbitrary session IDs.
667: Previously, it would only work with the base-36 session IDs
668: that the sudoers plugin uses by default.
669:
670: * Sudo now passes "run_shell=true" to the policy plugin in the
671: settings list when sudo's -s command line option is specified.
672: The sudoers policy plugin uses this to implement the "set_home"
673: sudoers option which was missing from sudo 1.8.0.
674:
675: * The "noexec" functionality has been moved out of the sudoers
676: policy plugin and into the sudo front-end, which matches the
677: behavior documented in the plugin writer's guide. As a result,
678: the path to the noexec file is now specified in the sudo.conf
679: file instead of the sudoers file.
680:
681: * On Solaris 10, the PRIV_PROC_EXEC privilege is now used to
682: implement the "noexec" feature. Previously, this was implemented
683: via the LD_PRELOAD environment variable.
684:
685: * The exit values for "sudo -l", "sudo -v" and "sudo -l command"
686: have been fixed in the sudoers policy plugin.
687:
688: * The sudoers policy plugin now passes the login class, if any,
689: back to the sudo front-end.
690:
691: * The sudoers policy plugin was not being linked with requisite
692: libraries in certain configurations.
693:
694: * Sudo now parses command line arguments before loading any plugins.
695: This allows "sudo -V" or "sudo -h" to work even if there is a problem
696: with sudo.conf
697:
698: * Plugins are now linked with the static version of libgcc to allow
699: the plugin to run on a system where no shared libgcc is installed,
700: or where it is installed in a different location.
701:
702: What's new in Sudo 1.8.0?
703:
704: * Sudo has been refactored to use a modular framework that can
705: support third-party policy and I/O logging plugins. The default
706: plugin is "sudoers" which provides the traditional sudo functionality.
707: See the sudo_plugin manual for details on the plugin API and the
708: sample in the plugins directory for a simple example.
709:
710: What's new in Sudo 1.7.5?
711:
712: * When using visudo in check mode, a file named "-" may be used to
713: check sudoers data on the standard input.
714:
715: * Sudo now only fetches shadow password entries when using the
716: password database directly for authentication.
717:
718: * Password and group entries are now cached using the same key
719: that was used to look them up. This fixes a problem when looking
720: up entries by name if the name in the retrieved entry does not
721: match the name used to look it up. This may happen on some systems
722: that do case insensitive lookups or that truncate long names.
723:
724: * GCC will no longer display warnings on glibc systems that use
725: the warn_unused_result attribute for write(2) and other system calls.
726:
727: * If a PAM account management module denies access, sudo now prints
728: a more useful error message and stops trying to validate the user.
729:
730: * Fixed a potential hang on idle systems when the sudo-run process
731: exits immediately.
732:
733: * Sudo now includes a copy of zlib that will be used on systems
734: that do not have zlib installed.
735:
736: * The --with-umask-override configure flag has been added to enable
737: the "umask_override" sudoers Defaults option at build time.
738:
739: * Sudo now unblocks all signals on startup to avoid problems caused
740: by the parent process changing the default signal mask.
741:
742: * LDAP Sudoers entries may now specify a time period for which
743: the entry is valid. This requires an updated sudoers schema
744: that includes the sudoNotBefore and sudoNotAfter attributes.
745: Support for timed entries must be explicitly enabled in the
746: ldap.conf file. Based on changes from Andreas Mueller.
747:
748: * LDAP Sudoers entries may now specify a sudoOrder attribute that
749: determines the order in which matching entries are applied. The
750: last matching entry is used, just like file-based sudoers. This
751: requires an updated sudoers schema that includes the sudoOrder
752: attribute. Based on changes from Andreas Mueller.
753:
754: * When run as sudoedit, or when given the -e flag, sudo now treats
755: command line arguments as pathnames. This means that slashes
756: in the sudoers file entry must explicitly match slashes in
757: the command line arguments. As a result, and entry such as:
758: user ALL = sudoedit /etc/*
759: will allow editing of /etc/motd but not /etc/security/default.
760:
761: * NETWORK_TIMEOUT is now an alias for BIND_TIMELIMIT in ldap.conf for
762: compatibility with OpenLDAP configuration files.
763:
764: * The LDAP API TIMEOUT parameter is now honored in ldap.conf.
765:
766: * The I/O log directory may now be specified in the sudoers file.
767:
768: * Sudo will no longer refuse to run if the sudoers file is writable
769: by root.
770:
771: * Sudo now performs command line escaping for "sudo -s" and "sudo -i"
772: after validating the command so the sudoers entries do not need
773: to include the backslashes.
774:
775: * Logging and email sending are now done in the locale specified
776: by the "sudoers_locale" setting ("C" by default). Email send by
777: sudo now includes MIME headers when "sudoers_locale" is not "C".
778:
779: * The configure script has a new option, --disable-env-reset, to
780: allow one to change the default for the sudoers Default setting
781: "env_reset" at compile time.
782:
783: * When logging "sudo -l command", sudo will now prepend "list "
784: to the command in the log line to distinguish between an
785: actual command invocation in the logs.
786:
787: * Double-quoted group and user names may now include escaped double
788: quotes as part of the name. Previously this was a parse error.
789:
790: * Sudo once again restores the state of the signal handlers it
791: modifies before executing the command. This allows sudo to be
792: used with the nohup command.
793:
794: * Resuming a suspended shell now works properly when I/O logging
795: is not enabled (the I/O logging case was already correct).
796:
797: What's new in Sudo 1.7.4p6?
798:
799: * A bug has been fixed in the I/O logging support that could cause
800: visual artifacts in full-screen programs such as text editors.
801:
802: What's new in Sudo 1.7.4p5?
803:
804: * A bug has been fixed that would allow a command to be run without the
805: user entering a password when sudo's -g flag is used without the -u flag.
806:
807: * If user has no supplementary groups, sudo will now fall back on checking
808: the group file explicitly, which restores historic sudo behavior.
809:
810: * A crash has been fixed when sudo's -g flag is used without the -u flag
811: and the sudoers file contains an entry with no runas user or group listed.
812:
813: * A crash has been fixed when the Solaris project support is enabled
814: and sudo's -g flag is used without the -u flag.
815:
816: * Sudo no longer exits with an error when support for auditing is
817: compiled in but auditing is not enabled.
818:
819: * Fixed a bug introduced in sudo 1.7.3 where the ticket file was not
820: being honored when the "targetpw" sudoers Defaults option was enabled.
821:
822: * The LOG_INPUT and LOG_OUTPUT tags in sudoers are now parsed correctly.
823:
824: * A crash has been fixed in "sudo -l" when sudo is built with auditing
825: support and the user is not allowed to run any commands on the host.
826:
827: What's new in Sudo 1.7.4p4?
828:
829: * A potential security issue has been fixed with respect to the handling
830: of sudo's -g command line option when -u is also specified. The flaw
831: may allow an attacker to run commands as a user that is not authorized
832: by the sudoers file.
833:
834: * A bug has been fixed where "sudo -l" output was incomplete if multiple
835: sudoers sources were defined in nsswitch.conf and there was an error
836: querying one of the sources.
837:
838: * The log_input, log_output, and use_pty sudoers options now work correctly
839: on AIX. Previously, sudo would hang if they were enabled.
840:
841: * The "make install" target now works correctly when sudo is built in a
842: directory other than the source directory.
843:
844: * The "runas_default" sudoers setting now works properly in a per-command
845: Defaults line.
846:
847: * Suspending and resuming the bash shell when PAM is in use now works
848: correctly. The SIGCONT signal was not propagated to the child process.
849:
850: What's new in Sudo 1.7.4p3?
851:
852: * A bug has been fixed where duplicate HOME environment variables could be
853: present when the env_reset setting was disabled and the always_set_home
854: setting was enabled in sudoers.
855:
856: * The value of sysconfdir is now substituted into the path to the sudoers.d
857: directory in the installed sudoers file.
858:
859: * Compilation problems on IRIX and other platforms have been fixed.
860:
861: * If multiple PAM "auth" actions are specified and the user enters ^C at
862: the password prompt, sudo will no longer prompt for a password for any
863: subsequent "auth" actions. Previously it was necessary to enter ^C for
864: each "auth" action.
865:
866: What's new in Sudo 1.7.4p2?
867:
868: * A bug where sudo could spin in a busy loop waiting for the child process
869: has been fixed.
870:
871: What's new in Sudo 1.7.4p1?
872:
873: * A bug introduced in sudo 1.7.3 that prevented the -k and -K options from
874: functioning when the tty_tickets sudoers option is enabled has been fixed.
875:
876: * Sudo no longer prints a warning when the -k or -K options are specified
877: and the ticket file does not exist.
878:
879: * It is now easier to cross-compile sudo.
880:
881: What's new in Sudo 1.7.4?
882:
883: * Sudoedit will now preserve the file extension in the name of the
884: temporary file being edited. The extension is used by some
885: editors (such as emacs) to choose the editing mode.
886:
887: * Time stamp files have moved from /var/run/sudo to either /var/db/sudo,
888: /var/lib/sudo or /var/adm/sudo. The directories are checked for
889: existence in that order. This prevents users from receiving the
890: sudo lecture every time the system reboots. Time stamp files older
891: than the boot time are ignored on systems where it is possible to
892: determine this.
893:
894: * The tty_tickets sudoers option is now enabled by default.
895:
896: * Ancillary documentation (README files, LICENSE, etc) is now installed
897: in a sudo documentation directory.
898:
899: * Sudo now recognizes "tls_cacert" as an alias for "tls_cacertfile"
900: in ldap.conf.
901:
902: * Defaults settings that are tied to a user, host or command may
903: now include the negation operator. For example:
904: Defaults:!millert lecture
905: will match any user but millert.
906:
907: * The default PATH environment variable, used when no PATH variable
908: exists, now includes /usr/sbin and /sbin.
909:
910: * Sudo now uses polypkg (http://rc.quest.com/topics/polypkg/)
911: for cross-platform packing.
912:
913: * On Linux, sudo will now restore the nproc resource limit before
914: executing a command, unless the limit appears to have been modified
915: by pam_limits. This avoids a problem with bash scripts that open
916: more than 32 descriptors on SuSE Linux, where sysconf(_SC_CHILD_MAX)
917: will return -1 when RLIMIT_NPROC is set to RLIMIT_UNLIMITED (-1).
918:
919: * The HOME and MAIL environment variables are now reset based on the
920: target user's password database entry when the env_reset sudoers option
921: is enabled (which is the case in the default configuration). Users
922: wishing to preserve the original values should use a sudoers entry like:
923: Defaults env_keep += HOME
924: to preserve the old value of HOME and
925: Defaults env_keep += MAIL
926: to preserve the old value of MAIL.
927:
928: * Fixed a problem in the restoration of the AIX authdb registry setting.
929:
930: * Sudo will now fork(2) and wait until the command has completed before
931: calling pam_close_session().
932:
933: * The default syslog facility is now "authpriv" if the operating system
934: supports it, else "auth".
935:
936: What's new in Sudo 1.7.3?
937:
938: * Support for logging I/O for the command being run.
939: For more information, see the documentation for the "log_input"
940: and "log_output" Defaults options in the sudoers manual. Also
941: see the sudoreplay manual for how to replay I/O log sessions.
942:
943: * The use_pty sudoers option can be used to force a command to be
944: run in a pseudo-pty, even when I/O logging is not enabled.
945:
946: * On some systems, sudo can now detect when a user has logged out
947: and back in again when tty-based time stamps are in use. Supported
948: systems include Solaris systems with the devices file system,
949: Mac OS X, and Linux systems with the devpts filesystem (pseudo-ttys
950: only).
951:
952: * On AIX systems, the registry setting in /etc/security/user is
953: now taken into account when looking up users and groups. Sudo
954: now applies the correct the user and group ids when running a
955: command as a user whose account details come from a different
956: source (e.g. LDAP or DCE vs. local files).
957:
958: * Support for multiple 'sudoers_base' and 'uri' entries in ldap.conf.
959: When multiple entries are listed, sudo will try each one in the
960: order in which they are specified.
961:
962: * Sudo's SELinux support should now function correctly when running
963: commands as a non-root user and when one of stdin, stdout or stderr
964: is not a terminal.
965:
966: * Sudo will now use the Linux audit system with configure with
967: the --with-linux-audit flag.
968:
969: * Sudo now uses mbr_check_membership() on systems that support it
970: to determine group membership. Currently, only Darwin (Mac OS X)
971: supports this.
972:
973: * When the tty_tickets sudoers option is enabled but there is no
974: terminal device, sudo will no longer use or create a tty-based
975: ticket file. Previously, sudo would use a tty name of "unknown".
976: As a consequence, if a user has no terminal device, sudo will
977: now always prompt for a password.
978:
979: * The passwd_timeout and timestamp_timeout options may now be
980: specified as floating point numbers for more granular timeout
981: values.
982:
983: * Negating the fqdn option in sudoers now works correctly when sudo
984: is configured with the --with-fqdn option. In previous versions
985: of sudo the fqdn was set before sudoers was parsed.
986:
987: What's new in Sudo 1.7.2?
988:
989: * A new #includedir directive is available in sudoers. This can be
990: used to implement an /etc/sudo.d directory. Files in an includedir
991: are not edited by visudo unless they contain a syntax error.
992:
993: * The -g option did not work properly when only setting the group
994: (and not the user). Also, in -l mode the wrong user was displayed
995: for sudoers entries where only the group was allowed to be set.
996:
997: * Fixed a problem with the alias checking in visudo which
998: could prevent visudo from exiting.
999:
1000: * Sudo will now correctly parse the shell-style /etc/environment
1001: file format used by pam_env on Linux.
1002:
1003: * When doing password and group database lookups, sudo will only
1004: cache an entry by name or by id, depending on how the entry was
1005: looked up. Previously, sudo would cache by both name and id
1006: from a single lookup, but this breaks sites that have multiple
1007: password or group database names that map to the same uid or
1008: gid.
1009:
1010: * User and group names in sudoers may now be enclosed in double
1011: quotes to avoid having to escape special characters.
1012:
1013: * BSM audit fixes when changing to a non-root uid.
1014:
1015: * Experimental non-Unix group support. Currently only works with
1016: Quest Authorization Services and allows Active Directory groups
1017: fixes for Minix-3.
1018:
1019: * For Netscape/Mozilla-derived LDAP SDKs the certificate and key
1020: paths may be specified as a directory or a file. However, version
1021: 5.0 of the SDK only appears to support using a directory (despite
1022: documentation to the contrary). If SSL client initialization
1023: fails and the certificate or key paths look like they could be
1024: default file name, strip off the last path element and try again.
1025:
1026: * A setenv() compatibility fix for Linux systems, where a NULL
1027: value is treated the same as an empty string and the variable
1028: name is checked against the NULL pointer.
1029:
1030: What's new in Sudo 1.7.1?
1031:
1032: * A new Defaults option "pwfeedback" will cause sudo to provide visual
1033: feedback when the user is entering a password.
1034:
1035: * A new Defaults option "fast_glob" will cause sudo to use the fnmatch()
1036: function for file name globbing instead of glob(). When this option
1037: is enabled, sudo will not check the file system when expanding wildcards.
1038: This is faster but a side effect is that relative paths with wildcard
1039: will no longer work.
1040:
1041: * New BSM audit support for systems that support it such as FreeBSD
1042: and Mac OS X.
1043:
1044: * The file name specified with the #include directive may now include
1045: a %h escape which is expanded to the short form of hostname.
1046:
1047: * The -k flag may now be specified along with a command, causing the
1048: user's timestamp file to be ignored.
1049:
1050: * New support for Tivoli-based LDAP START_TLS, present in AIX.
1051:
1052: * New support for /etc/netsvc.conf on AIX.
1053:
1054: * The unused alias checks in visudo now handle the case of an alias
1055: referring to another alias.
1056:
1057: What's new in Sudo 1.7.0?
1058:
1059: * Rewritten parser that converts sudoers into a set of data structures.
1060: This eliminates a number of ordering issues and makes it possible to
1061: apply sudoers Defaults entries before searching for the command.
1062: It also adds support for per-command Defaults specifications.
1063:
1064: * Sudoers now supports a #include facility to allow the inclusion of other
1065: sudoers-format files.
1066:
1067: * Sudo's -l (list) flag has been enhanced:
1068: o applicable Defaults options are now listed
1069: o a command argument can be specified for testing whether a user
1070: may run a specific command.
1071: o a new -U flag can be used in conjunction with "sudo -l" to allow
1072: root (or a user with "sudo ALL") list another user's privileges.
1073:
1074: * A new -g flag has been added to allow the user to specify a
1075: primary group to run the command as. The sudoers syntax has been
1076: extended to include a group section in the Runas specification.
1077:
1078: * A uid may now be used anywhere a username is valid.
1079:
1080: * The "secure_path" run-time Defaults option has been restored.
1081:
1082: * Password and group data is now cached for fast lookups.
1083:
1084: * The file descriptor at which sudo starts closing all open files is now
1085: configurable via sudoers and, optionally, the command line.
1086:
1087: * Visudo will now warn about aliases that are defined but not used.
1088:
1089: * The -i and -s command line flags now take an optional command
1090: to be run via the shell. Previously, the argument was passed
1091: to the shell as a script to run.
1092:
1093: * Improved LDAP support. SASL authentication may now be used in
1094: conjunction when connecting to an LDAP server. The krb5_ccname
1095: parameter in ldap.conf may be used to enable Kerberos.
1096:
1097: * Support for /etc/nsswitch.conf. LDAP users may now use nsswitch.conf
1098: to specify the sudoers order. E.g.:
1099: sudoers: ldap files
1100: to check LDAP, then /etc/sudoers. The default is "files", even
1101: when LDAP support is compiled in. This differs from sudo 1.6
1102: where LDAP was always consulted first.
1103:
1104: * Support for /etc/environment on AIX and Linux. If sudo is run
1105: with the -i flag, the contents of /etc/environment are used to
1106: populate the new environment that is passed to the command being
1107: run.
1108:
1109: * If no terminal is available or if the new -A flag is specified,
1110: sudo will use a helper program to read the password if one is
1111: configured. Typically, this is a graphical password prompter
1112: such as ssh-askpass.
1113:
1114: * A new Defaults option, "mailfrom" that sets the value of the
1115: "From:" field in the warning/error mail. If unspecified, the
1116: login name of the invoking user is used.
1117:
1118: * A new Defaults option, "env_file" that refers to a file containing
1119: environment variables to be set in the command being run.
1120:
1121: * A new flag, -n, may be used to indicate that sudo should not
1122: prompt the user for a password and, instead, exit with an error
1123: if authentication is required.
1124:
1125: * If sudo needs to prompt for a password and it is unable to disable
1126: echo (and no askpass program is defined), it will refuse to run
1127: unless the "visiblepw" Defaults option has been specified.
1128:
1129: * Prior to version 1.7.0, hitting enter/return at the Password: prompt
1130: would exit sudo. In sudo 1.7.0 and beyond, this is treated as
1131: an empty password. To exit sudo, the user must press ^C or ^D
1132: at the prompt.
1133:
1134: * visudo will now check the sudoers file owner and mode in -c (check)
1135: mode when the -s (strict) flag is specified.
1136:
1137: * A new Defaults option "umask_override" will cause sudo to set the
1138: umask specified in sudoers even if it is more permissive than the
1139: invoking user's umask.
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to NEWS CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo